Russ:
On Mon, 11 Jun 2007, Russ Allbery wrote:
Note that, if possible, the group is also created even if the keyring is used.
Yes; this is true for now, but it's not something that should be relied upon since the group is not always guaranteed to be there (e.g, when calling getgroups()), even when the process is a member of a PAG.
In particular, on recent linux kernels w/keyring support, when a process calls setgroups(), the special AFS groups go away, but the process is still a member of the PAG as determined by the keyring data. The special group/groups will then be re-created the next time that the process attempts to access AFS (which might happen at some non-deterministic moment in the future). So you can't assume that absence of the special group IDs implies that the process is not inside a PAG.
(Okay, I guess you could always attempt some AFS no-op before calling getgroups(), which would cause the AFS module to re-create the special group if you were in a PAG, but that's an implementation detail I wouldn't want to rely upon either)
-Chris [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
