[OpenAFS] keyring support
Wed, 06 Dec 2006 17:18:23 -0500
On Wednesday, November 15, 2006 12:21:53 PM -0800 Russ Allbery
> Ryan Underwood <email@example.com> writes:
>> On Fri, Nov 10, 2006 at 03:43:11PM -0600, Ryan Underwood wrote:
>>> What Linux kernel and what OpenAFS version are necessary for the
>>> keyring pag support? I am using 2.6.16 and OpenAFS 1.4.2 and pags are
>>> still not being preserved across fork.
>> Interesting. It appears that an authenticated shell can fork and exec
>> another process and that process has tokens, but an authenticated shell
>> that forks and execs another shell results in a child shell with no
>> tokens. What would cause that?
> I have no idea with keyrings, but if groups were being used, that sounds
> exactly like the symptoms of not being able to interrupt the setgroups
> system call. Shells often call initgroups when they're started, which
> will drop the PAG groups unless the setgroups system call is successfully
Um, setgroups is privileged; ordinary shells don't get to call it.
Unless your uid is 0, or whatever passes for that on your system.