[OpenAFS-devel] setgroups() fails to change pag under linux 2.6
Jeffrey Hutzelman
jhutz@cmu.edu
Fri, 21 Jul 2006 13:44:01 -0400
On Friday, July 21, 2006 08:46:07 AM -0500 David Thompson
<thomas@cs.wisc.edu> wrote:
> Jeffrey Hutzelman wrote:
>>
>> What UID do those scripts run as?
>> If they all run as the same user, then you haven't gained much.
>> And if they don't, then something with UID 0 is involved in creating
>> them, and the one-PAG-per-second rate limit doesn't apply to UID 0.
>
> Yes, the authentication wrapper is suid root.
So arrange for your wrapper to set a new PAG before changing its UID, and
the one-PAG-per-second limit won't apply. Then just make sure you reboot
your servers often enough to avoid rollover (at least once every 2^24 PAG's)
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA