mrg@eterna.com.au (matthew green) writes:

>   Why do we need a third fix for this problem?

>admittedly, i had not thought of the other two solutions to my problem,
>however, i do believe that it would be better if pwd.db was looked at
>by root, if spwd.db is missing, simply because it seems more correct to
>do so to me, than not to do so.

I'm not against this change.  I just thought we should have a good reason
for that change, if it goes in, and I don't thing that particular reason
was a good one.  We could have documented that behaviour in an appropriate
man page (i.e. one which you could expect reasonably people would consult
when setting up a chrooted environment).

I just noticed an oversight in your patch, though.  In the case, that
the attempt to open the password database fails, the old code
logs an error.  Your patch logs errors only when /etc/pwd.db is missing.
This should be corrected, I think.  It might be worthwhile to think
about falling back to /etc/pwd.db only in the case that the first dbopen
fails because of ENOENT, too.  And that's my last quibble about that change.

-- 
Christoph Badura

Now available in print: Lion's Commentary on UNIX 6th Edition, with Source Code
			http://www.peer-to-peer.com/