Re: ITS#98 'user' patch for BSD systems
patl@phoenix.volant.org writes:
> There may not be a passwd entry for that uid.
Good point.
> I'll admit that multiple usernames with one uid (and different group
> sets), and valid uids with no associated passwd entry are probably
> rare pathological cases. I was taking the paranoid cover-all-bases
> approach; but I'm not particularly married to it.
Thanks. Then I suggest we require groups to be specified if the user is
numeric _and_ getpwuid() failed (so run_username == NULL). Since ps/ls
don't do or say anything clever, people who use uids with multiple
usernames need to know what they are doing anyway.
> That looks reasonable. You might be able to simplify a little by
> leaving ngids==0 for the initgroups case and making that final part:
>
> if ( run_uid != 0 ) {
Poor 'root' - isn't he allowed to grab a group id and use that to access
the database? :-) He might be mapped to 'nobody' on some relevant
filesystem. This seems better:
    if ( run_uid >= 0 || run_username != NULL ) {
where run_uid would be initialized as -1.
> But your version is better if we assume the possible addition of
> separate -u and -g command-line options; and we allow -g to be
> specified without -u. Separate options seems likely since that
> provides the easiest way of parsing multiple groups.
Whoever adds options can worry about that. But maybe the easiest to
implement is
    -c "slapd.conf-line"
in any case.
>>> (It is only by a herculean effort of will that I'm avoiding starting a
>>> rant about isdigit(), et al., not being able to handle whatever char
>>> type is native to that compiler.
> (...)
Sorry, after your herculean effort I should not have tempted you.
I'll send a short private reply instead.
--
Hallvard
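
The decision rule discussed in this message, written out as an added example (not code from the thread or from the slapd sources): groups must be given when the user is numeric and getpwuid() found no entry, and the identity change is gated on `run_uid >= 0 || run_username != NULL` so that uid 0 is not skipped. Only run_uid, run_username and ngids come from the thread; the function names, the enum, the constructed lookup table and the rule that an explicit group list takes precedence are assumptions.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical names, except run_uid, run_username and ngids (from the thread). */
typedef const char *(*uid_lookup_fn)(long uid);
enum group_plan { KEEP_IDENTITY, USE_INITGROUPS, USE_SETGROUPS, REFUSE_NEED_GROUPS };
struct run_ident { long run_uid; const char *run_username; };

/* Real lookup: NULL when the uid has no passwd entry. */
const char *passwd_lookup(long uid) {
    struct passwd *pw = getpwuid((uid_t)uid);
    return pw ? pw->pw_name : NULL;
}
/* Constructed stand-in passwd table, so results do not depend on the host. */
const char *demo_lookup(long uid) {
    return uid == 0 ? "root" : uid == 389 ? "ldap" : NULL;
}

/* ngids = number of explicitly configured groups (0 = none given). */
enum group_plan plan_groups(const char *user, int ngids,
                            uid_lookup_fn lookup, struct run_ident *id) {
    char *end;
    id->run_uid = -1;                      /* -1 = no uid given */
    id->run_username = NULL;
    if (user != NULL && user[0] != '\0') {
        errno = 0;
        long n = strtol(user, &end, 10);
        if (user[0] >= '0' && user[0] <= '9' && errno == 0 && *end == '\0') {
            id->run_uid = n;
            id->run_username = lookup(n);  /* stays NULL without a passwd entry */
        } else {
            id->run_username = user;       /* a name; its uid is resolved later */
        }
    }
    if (!(id->run_uid >= 0 || id->run_username != NULL))
        return KEEP_IDENTITY;              /* no user requested */
    if (ngids > 0)
        return USE_SETGROUPS;              /* assumed: explicit list takes precedence */
    if (id->run_username != NULL)
        return USE_INITGROUPS;             /* derive the groups from the name */
    return REFUSE_NEED_GROUPS;             /* numeric uid and getpwuid() failed */
}

int main(void) {
    struct run_ident id;
    printf("uid 4242, no groups: plan %d\n", plan_groups("4242", 0, demo_lookup, &id));
    printf("uid 0, host passwd:  plan %d\n", plan_groups("0", 0, passwd_lookup, &id));
    return 0;
}
```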