[OpenAFS-devel] Re: [OpenAFS] 2.6 kernel support anytime soon?
Workarounds?
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 11 May 2004 14:01:37 -0400
On Tuesday, May 11, 2004 12:07:43 -0400 Matthew Miller <mattdm@mattdm.org>
wrote:
> On Tue, May 11, 2004 at 11:28:32AM -0400, Jeffrey Hutzelman wrote:
>> > On Mon, May 10, 2004 at 07:02:26PM -0400, Jeffrey Hutzelman wrote:
>> >>> Putting the PAG in the supplementary group list, though unavoidable,
>> >>> was and is no less broken.
>> >> True. But it's not terribly invasive and works pretty much
>> >> everywhere.
>> > Except for the part where it breaks Unix security.....
>> Can you be a bit more specific? What does it break?
>
> Suddenly people are members of groups they weren't before! What if it
> happens to be a group that is supposed to mean something?
It had better not be. As administrator of a machine, the GID space is
entirely under your control. If you're going to run an AFS client, you
currently need to reserve GID's in the range 0x3F00-0xFEFF for AFS. That
still leaves 16K groups for non-AFS uses, which is far more than most
systems will ever need.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA