[OpenAFS-devel] setgroups() fails to change pag under linux 2.6

C. Alex. North-Keys alex.north-keys@TheCatalis.com
Fri, 14 Jul 2006 13:40:51 -0500


Is there anyone working on a PAG system that doesn't squat in the group 
ID space?  Several sites (ours included) have seen failures relating to 
the use of group permissions when numeric groups in the auxiliary group 
ID list cannot be mapped back to group names, even on files outside of 
the AFS space.

Christopher Allen Wing wrote:
> Yep, this is due to the fact that linux 2.6 now supports an arbitrary 
> number of supplemental groups (instead of the fixed array in earlier 
> versions).
> 
> I had various similar hacks in the past that also broke.
> 
> 
> I think if you want to make this work you might consider writing a 
> kernel module or something that just modifies the group list directly.  
> Or you could propose a cross-platform interface for OpenAFS to offer a 
> means of joining existing PAGs.
> 
> -Chris Wing
> wingc@engin.umich.edu
> 
> 
> On Fri, 14 Jul 2006, David Thompson wrote:
> 
>>
>> I have a "pag manager" I'm trying to migrate from linux 2.4 to
>> linux 2.6, and I seem to have hit a wall.
>>
>> The manager's function is to select an appropriate (preexisting) pag
>> based on the user's identity, cause it to become the pag for the
>> current process, and exec a target program.
>>
>> Under linux 2.4, if I happened to know the group IDs for a given pag,
>> sample code like the following allowed a euid=0 process to acquire
>> that pag:
>>
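>> #include <limits.h>     /* NGROUPS_MAX */
>> #include <grp.h>        /* setgroups() */
>> #include <unistd.h>     /* getgroups() */
>>
>> /* Overwrite the first two supplementary group slots with the PAG's
>>    group IDs.  Returns 0 on success, -1 or -2 on failure. */
>> int joinpag (int g0, int g1)
>> {
>>  int res, ngroups;
>>  gid_t grouplist[NGROUPS_MAX];
>>
>>  if ((ngroups = getgroups (NGROUPS_MAX, grouplist))<0) { return -1; }
>>
>>  /* Both slots are written below, so the list must hold at least two. */
>>  if (ngroups < 2) { ngroups = 2; }
>>
>>  grouplist[0] = (gid_t)g0;
>>  grouplist[1] = (gid_t)g1;
>>
>>  /* Needs euid=0 (CAP_SETGID) to succeed. */
>>  if ((res = setgroups (ngroups, grouplist)) < 0) { return -2; }
>>
>>  return 0;
>> }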
>>
>> If I try this with a 2.6 kernel, the groups g0 and g1 end up at the
>> _end_ of the groups list, and the original pag remains active.
>>
>> Have other people run into this?  Is there an alternative method to
>> joining an existing pag?
>>
>> Thanks in advance.
>>
>> Dave Thompson
>> UW-Madison
>>
>>
>>
>>
>> _______________________________________________
>> OpenAFS-devel mailing list
>> OpenAFS-devel@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-devel
>>
>>

-- 
C. Alex. North-Keys
Catalis, Inc.
alex.north-keys@TheCatalis.com
512.874.7666
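
The following is an added example, not code from any poster in this thread or from OpenAFS. It models the joinpag() pattern quoted above against a group list that keeps caller order and one that is sorted on store (an assumed model of the 2.6 behaviour, chosen because it reproduces the reordering David reports). It then audits the result. All gid values are constructed and are not real PAG encodings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define NG 5
/* Constructed gids, not real PAG encodings: old and new "PAG pairs". */
enum { OLD0 = 40000, OLD1 = 40001, NEW0 = 41000, NEW1 = 41001 };

static int cmp_gid(const void *a, const void *b) {
    gid_t x = *(const gid_t *)a, y = *(const gid_t *)b;
    return (x > y) - (x < y);
}

/* Index of gid in list, or -1 if absent. */
int gid_index(const gid_t *list, gid_t gid) {
    for (int i = 0; i < NG; i++)
        if (list[i] == gid) return i;
    return -1;
}

/* Model one joinpag() call: read the list, overwrite slots 0 and 1, store it.
 * sorted=0 keeps caller order; sorted=1 sorts on store (assumed 2.6 model). */
void model_joinpag(gid_t *stored, int sorted) {
    gid_t tmp[NG];
    memcpy(tmp, stored, sizeof tmp);          /* stands in for getgroups() */
    tmp[0] = NEW0;
    tmp[1] = NEW1;
    if (sorted) qsort(tmp, NG, sizeof tmp[0], cmp_gid);
    memcpy(stored, tmp, sizeof tmp);          /* stands in for setgroups() */
}

/* Audit flags: 1 = new pair not in slots 0/1, 2 = old PAG gid still present,
 * 4 = an ordinary group (100, 200 or 300) was dropped. */
int run_case(int sorted) {
    gid_t g[NG] = { OLD0, OLD1, 100, 200, 300 };   /* PAG pair in front */
    int flags = 0;
    if (sorted) qsort(g, NG, sizeof g[0], cmp_gid);
    model_joinpag(g, sorted);
    if (gid_index(g, NEW0) != 0 || gid_index(g, NEW1) != 1) flags |= 1;
    if (gid_index(g, OLD0) >= 0 || gid_index(g, OLD1) >= 0) flags |= 2;
    if (gid_index(g, 100) < 0 || gid_index(g, 200) < 0 || gid_index(g, 300) < 0) flags |= 4;
    return flags;
}

int main(void) {
    printf("order-preserving: %d, sorted: %d\n", run_case(0), run_case(1));
    return 0;
}
```

In the sorted model the overwrite lands on the two lowest-numbered ordinary groups, so the process keeps the old pair and loses two real group memberships, which is worth checking for with a getgroups() read-back after any positional setgroups() call.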