On Wed, Jul 04, 2012 at 02:32:11AM +0400, Dmitry V. Levin wrote: > Unfortunately, in situations where nbd-server processes are running with a > privileged group id and a full set of supplementary groups, these > processes usually would have write access to many more files than one > would like to allow them.
I agree that this can be a problem in some cases, but it can also be a feature. > > Additionally, this changes current behaviour, which I think is even > > worse than bad defaults. > > > > So I'm going to NAK this, I'm afraid. > > Would it be acceptable to introduce the same "setgroups" option with the > same semantics but not enabled by default? I suppose, yes. I'm still not convinced of its usefulness, but if it doesn't change current behaviour (and thereby can't surprise users) it's not a real problem. It won't be part of 3.2 anymore, though, since I've just released that. I suppose I should've given you a chance to respond first; sorry 'bout that. -- The volume of a pizza of thickness a and radius z can be described by the following formula: pi zz a ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Nbd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nbd-general
