On Thu, Jun 28, 2012 at 01:15:52AM +0200, Wouter Verhelst wrote: > On Mon, Jun 25, 2012 at 03:32:55AM +0400, Dmitry V. Levin wrote: > > Before this change, there was no way to clear or change supplementary > > groups at all, which is usually required to be done along with changing > > UID and GID. This change introduces a new global config boolean option > > "setgroups" and enables it by default. When this option is set to true, > > - "group" option will additionally clear the list of supplementary groups; > > This is sensible, I suppose. > > > - unless "group" option is specified, "user" option will additionally > > change both GID and the list of supplementary groups to those defined > > by the given user name. > > I'm not sure about that one; I think setting a group based on an option > called "user" -- if there is no option "group" specified -- is going to > be counterintuitive.
From my PoV, switching UID without switching GID and supplementary groups hardly has a practical sense, so it is most likely a configuration error rather than a conscious decision. > Instead, it might be better to redefine the "group" option as a > comma-separated list, so that multiple groups can be set in the > configuration file, if needs be. Since each user name defines not only UID but also GID and supplementary groups, such a change would encourage users to duplicate configuration already defined in the system. It's a pity that "group" option exists at all, "user" option would be enough. -- ldv
pgpxkaA58fHl9.pgp
Description: PGP signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Nbd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nbd-general
