Subject: Re: group name/gid expiry?
To: Iain Hibbert <email@example.com>
From: Greg Troxel <firstname.lastname@example.org>
Date: 03/09/2007 15:25:02

Iain Hibbert <email@example.com> writes:
> I am looking at adding an option "-G group" to sdpd(8) to allow members
> of the specific group to modify the database, so that for instance you
> don't need root privileges to run programs which register a service and
> wait for Bluetooth connections.
>
> Is it ok to cache a gid returned from getgrnam(3) during the setup, or
> should I check it on each open, in case it changed?

I wonder if there should be some way for user space to invoke kauth
ops in the kernel; you're adding an ad hoc mechanism (which seems
useful and reasonable) to implement ACLs. It would be nice if there
were a more uniform way, even across the kernel/user boundary.