Date: Mon, 15 Jul 2002 08:50:52 -0400
From: Jason Tishler
Subject: Re: Corinna or Pierre please comment? [jason AT tishler DOT net: Re: setuid() problem when disconnected from PDC under 1.3.12-2]
In-reply-to: <20020715110733.B6932@cygbert.vinschen.de>
To: cygwin-developers AT cygwin DOT com
Message-id: <20020715125051.GC2372@tishler.net>
References: <20020713165415 DOT GB30143 AT redhat DOT com> <20020715110733 DOT B6932 AT cygbert DOT vinschen DOT de>

Corinna,

On Mon, Jul 15, 2002 at 11:07:33AM +0200, Corinna Vinschen wrote:
> So, basically the current implementation is more correct than the old
> implementation. I don't see how to make it better.

But, the current implementation causes sshd and cron to fail for domain
users when their server is disconnected from its PDC. IMO, this is not
good.

> [snip]
>
> We *could* change it this way to succeed more often:
>
>   GetPDC();
>   if (has_pdc)
>     {
>       get_domain_groups_of_account();
>       get_local_groups_of_account();
>       if (!has_primary_group)
>         get_primary_group_of_account();
>     }
>   if (!has_primary_group)
>     get_primary_group_from_etc_passwd();
>   get_supplementary_groups_from_etc_group();
>
> That could leave you with a somewhat restricted token, though.

I haven't fully evaluated the above ramifications, but IMO, some
relaxation of the current implementation is needed. What do others
think?

Thanks,
Jason