[OpenAFS-devel] Re: openafs / opendfs collaboration
Matthew N. Andrews
matt@slackers.net
Wed, 26 Jan 2005 13:41:09 -0800
> such that a userspace credential cache would be insufficient?
>
> in other words, if i log in as user1 and create boat-loads
> of processes, is there _any_ circumstance under which any
> arbitrary user2 _needs_ access to the cached credentials
> of user1?
>
I think you're missing a key feature of pags here. you can have a
process acquire credentials that:
1) other processes with the same uid/gid cannot access.
2) are accessible to child processes with a different uid/gid, unless
specific actions are taken to drop access by an intermediate
descendant/ancestor.
and yes, there are circumstances when changing effective uid needs NOT
to drop access to my credentials. in particular, setuid programs run by
me should retain access to my afs credentials.
-Matt Andrews
> l.
>
> --
> http://lkcl.net
> --
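A toy model of the two properties listed in the message above, contrasting a credential cache keyed by uid with one keyed by PAG. It is an added illustration, not code from the post or from OpenAFS; the `Process`, `UidCache` and `PagCache` names, the integer PAG ids and the sample uids and token string are assumptions of the model.

```python
import itertools
from dataclasses import dataclass
from typing import Optional

_pag_ids = itertools.count(1)  # model-only PAG identifiers

@dataclass
class Process:
    uid: int
    pag: Optional[int] = None

    def fork(self):
        # A child inherits both the uid and the PAG of its parent.
        return Process(self.uid, self.pag)

    def setuid(self, uid):
        # Changing uid leaves PAG membership untouched.
        self.uid = uid
        return self

    def setpag(self):
        # Joining a fresh, empty PAG drops access to inherited credentials.
        self.pag = next(_pag_ids)
        return self

class UidCache:
    """Credential cache keyed by uid (the userspace-cache proposal)."""
    def __init__(self): self.tokens = {}
    def store(self, proc, token): self.tokens[proc.uid] = token
    def lookup(self, proc): return self.tokens.get(proc.uid)

class PagCache(UidCache):
    """Credential cache keyed by PAG; a process with no PAG gets nothing here."""
    def store(self, proc, token): self.tokens[proc.pag] = token
    def lookup(self, proc): return self.tokens.get(proc.pag)

def scenario(cache):
    login = Process(uid=1000).setpag()           # constructed sample session
    cache.store(login, "user1-token")
    return {
        "same_uid_other_session": cache.lookup(Process(uid=1000).setpag()),
        "setuid_child": cache.lookup(login.fork().setuid(0)),
        "child_after_new_pag": cache.lookup(login.fork().setpag()),
    }

if __name__ == "__main__":
    for cache in (UidCache(), PagCache()):
        print(type(cache).__name__, scenario(cache))
```
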