On Thu, Jun 28, 2012 at 04:19:17AM +0400, Dmitry V. Levin wrote: > On Thu, Jun 28, 2012 at 01:15:52AM +0200, Wouter Verhelst wrote: > > On Mon, Jun 25, 2012 at 03:32:55AM +0400, Dmitry V. Levin wrote: > > > Before this change, there was no way to clear or change supplementary > > > groups at all, which is usually required to be done along with changing > > > UID and GID. This change introduces a new global config boolean option > > > "setgroups" and enables it by default. When this option is set to true, > > > - "group" option will additionally clear the list of supplementary groups; > > > > This is sensible, I suppose. > > > > > - unless "group" option is specified, "user" option will additionally > > > change both GID and the list of supplementary groups to those defined > > > by the given user name. > > > > I'm not sure about that one; I think setting a group based on an option > > called "user" -- if there is no option "group" specified -- is going to > > be counterintuitive. > > From my PoV, switching UID without switching GID and supplementary groups > hardly has a practical sense, so it is most likely a configuration error > rather than a conscious decision.
That's not the experience I've had with most daemons. I also disagree that this is useless; I've had situations where not switching the group made some sense. Additionally, this changes current behaviour, which I think is even worse than bad defaults. So I'm going to NAK this, I'm afraid. > > Instead, it might be better to redefine the "group" option as a > > comma-separated list, so that multiple groups can be set in the > > configuration file, if needs be. > > Since each user name defines not only UID but also GID and supplementary > groups, such a change would encourage users to duplicate configuration > already defined in the system. It's a pity that "group" option exists at > all, "user" option would be enough. I don't agree with that statement. -- The volume of a pizza of thickness a and radius z can be described by the following formula: pi zz a ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Nbd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nbd-general
