Will Hopkins <[EMAIL PROTECTED]> said:
> Please do not do this. -2 has the virtue that it's
> unambiguous (i.e., doesn't depend on being stored as
> a signed value of a particular size), and is a clear
> sentinel value outside the normal range of valid UIDs.
> 60001 is smack-dab in the middle of the UID space on
> systems that support large UIDs, and will force nearly
> every program that deals with UIDs to make explicit
> checks for that value even if they don't know or care
> about user nobody.
Are you saying that something in DCE will break or are you saying that
this is just not a good idea? I care alot about the first case and
somewhat less about the second.
In DFS nobody is not just another account, documentation says that it
is used to handle unauthenticated foreign cell access. Such users are
treated as the user nobody (in ACLs). Is it the UID -2 or the
principal name nobody that's significant?
In addition, Solaris cannot parse a negative UID in the local password
file correctly; it turns any out-of-range [0..MAXUID] UID into
UID_NOBODY [60001] silently anyway.
However, it handles a negative group fine!
So, it appears to me that it makes no difference whether nobody's UID
is -2 or 60001 (on Solaris 2.4 anyway).
Bill
