[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: converting uid/gid to abstract credentials
On Jun 1, 5:54pm, n0g0013 wrote:
} planning to begin tackling a variety of changes in the kernel. the
} first of which is to abstract and extend user credentials (initially
} to remove the group membership limit). however, initial engagement
The group membership limit is historically dictated by NFS. If
you don't care about NFS, then there is nothing stopping you from
bumping NGROUPS and rebuilding the system.
} with POSIX on the subject would seem to define 'uid_t' and 'gid_t' as
} 'integer types'. however, 'integer type' does not appear to be defined
} except within the loose terms of C99 (the best i can understand).
} as such i'm looking for opinions and definite issues that may arise
} from using an abstract encoding of 'uid_t' similar to BCD.
Why? What benefit would you get from doing this?
} my main worry is that arithmetic operations may be implied from the
} definition but my initial thoughts suggest to me that, whist it may
} be an integer value, it is an identifier and not a number. therefore
} arithmetic operations are not of real concern. i.e. we gain nothing
} by adding, subtracting or dividing these identifiers only from testing
} their equality. in this sense any abstract encoding is irrelevant
} as long as they are 'equal' when the 'the same' (if that makes any
It is primarily used for comparison, but there can be frequent
comparisons done depending on what applications are doing.
Outside the kernel, uids and gids MUST stay the same as they are
to maintain compatibility with POSIX and expected system behaviour.
This means that you would have to translate the numbers any time they
crossed the kernel boundary.
}-- End of excerpt from n0g0013
Main Index |
Thread Index |