Mailing-List:	contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin-developers/>
List-Post:	<mailto:cygwin-developers AT cygwin DOT com>
List-Help:	<mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-developers-owner AT cygwin DOT com
Delivered-To:	mailing list cygwin-developers AT cygwin DOT com
Date:	Mon, 15 Jul 2002 08:50:52 -0400
From:	Jason Tishler <jason AT tishler DOT net>
Subject:	Re: Corinna or Pierre please comment? [jason AT tishler DOT net: Re: setuid()
	problem when disconnected from PDC under 1.3.12-2]
In-reply-to:	<20020715110733.B6932@cygbert.vinschen.de>
To:	cygwin-developers AT cygwin DOT com
Mail-followup-to:	cygwin-developers AT cygwin DOT com
Message-id:	<20020715125051.GC2372@tishler.net>
MIME-version:	1.0
User-Agent:	Mutt/1.4i
References:	<20020713165415 DOT GB30143 AT redhat DOT com>
	<20020715110733 DOT B6932 AT cygbert DOT vinschen DOT de>

Corinna,

On Mon, Jul 15, 2002 at 11:07:33AM +0200, Corinna Vinschen wrote:
> So, basically the current implementation is more correct than the old
> implementation.  I don't see how to make it better.

But, the current implementation causes sshd and cron to fail for domain
users when their server is disconnected from its PDC.  IMO, this is not
good.

> [snip]
> 
> We *could* change it this way to succeed more often:
> 
>   GetPDC();
>   if (has_pdc)
>     {
>       get_domain_groups_of_account();
>       get_local_groups_of_account();
>       if (!has_primary_group)
> 	get_primary_group_of_account();
>     }
>   if (!has_primary_group)
>     get_primary_group_from_etc_passwd();
>   get_supplementary_groups_from_etc_group();
> 
> 
> That could leave you with a somewhat restricted token, though.

I haven't fully evaluated the above ramifications, but IMO, some
relaxation of the current implementation is needed.

What do others think?

Thanks,
Jason

- Raw text -