[OpenAFS-devel] Unprotected PAGs

Garance A Drosihn drosih@rpi.edu
Thu, 22 Sep 2005 15:43:16 -0400


At 6:55 PM +0200 9/21/05, Alexander Boström wrote:
>I like my PAGs unprotected. That is, without the setgroups wrapper.

I am not completely sure I understand what you mean by that, but
I'll ask a few questions based on what I *think* you mean.  What I
am thinking of is more accurately "without PAGs" instead of "with
unprotected PAGs", so it's quite possible I am thinking of the
wrong thing...

>In case you wonder, my reasons for preferring unprotected PAGs
>include:
>
>I don't need protected PAGs and my users won't notice the difference.
>Since the syscall table thing is a bit controversial, avoiding it
>seems like a good idea.

Will this cause you problems when the same user starts multiple
sessions?  If I'm on box-A, and ssh into box-B, and ssh into box-B
a second time, then what happens to the first box-B connection
when the second one logs out?  What happens to the first session
if the second session does a klog to some alternate userid?

>Getting out of a PAG can be useful sometimes, for example when
>starting daemons.
>
>If httpd is allowed to, it will break out of the PAG (if started
>from a PAG:d shell). That means that the problem of getting into
>the same PAG as httpd disappears, which makes it possible to use
>cron to update the token for the httpd user.

Why not just start daemons from a pag-less shell?  I either login
to root via a serial console, or I have some other daemon which
is launched at startup (and thus has no PAG).  I then tell *that*
daemon to start the daemon(s) I want to start up without a pag.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu