Subject: Re: bin/18222: patch to allow a uid or gid of (-2) matching default NFS mapping for remote root users
To: None <email@example.com, firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 09/07/2002 17:01:00
[ On Saturday, September 7, 2002 at 19:44:09 (+0100), David Laight wrote: ]
> Subject: Re: bin/18222: patch to allow a uid or gid of (-2) matching default NFS mapping for remote root users
> On Sat, Sep 07, 2002 at 07:23:10PM +0100, David Laight wrote:
> > > >Synopsis: patch to allow a uid or gid of (-2) matching default
> > > NFS mapping for remote root users
> > >
> > > increase UID_MAX and GID_MAX to (UINT_MAX-1)
> > Wouldn't it be better to use (~(uid_t)0 - 1) and (~(gid_t)0 - 1) ?
> A quick look at the history of syslimits.h (brought on by the fact
> that the comments for these values didn't match the value) shows
> that the limit has been 2^32-2 before.
> It was changed because setreu/gid() allows -1 (meaning don't
> change) which has to be within the domain of u/gid_t.
Yes, I remember that -- but the change was ultra-conservative and
results in my "nfsanon" user being "invalid". My PR is in part in
(delayed) response to that change.
2^32-1 is the correct limit to allow for -2 as a valid value and -1 as a
special meaning to things like setreuid() [which I don't really care
about anywas as I've disabled it on my own systems for security reasons ;-)].
> This is another of those types  whose domain is -1..MAXINT-1
> that C doesn't quite copy with.
It's not C that's at fault -- it's bad/lazy API design. :-)
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>