Sylvain Beucler <[EMAIL PROTECTED]> tapota : > On Wed, Dec 29, 2004 at 09:51:03PM +0100, Mathieu Roy wrote: >> Sylvain Beucler <[EMAIL PROTECTED]> tapota : >> > I am experiencing a nasting bug from our beloved Debian useradd >> > implementation. >> > >> > It refuses to set a user's groups if you want to add him to more than >> > 32 groups. >> > >> > I think I'll recompile the 'shadow' suite (just like we did to accept >> > longer group names and group names that begin with a digit), but I >> > would like to know if the former Savannah hackers got this problem >> > before. They should, since the Savannah setup makes people from >> > project 'www' part of all web* groups, ie ~2000 groups. >> >> >> All web* groups from the GNU type, isn't it? This was necessary in the >> past with the previous backend, sv_cvs. With the new backend (which is >> old now), it was not yet necessary. > > All web* groups from all group types actually.
In my opinion, that's a bug. People from the GNU www projects are not entitled to modify non GNU projects contents. At least, not considering the definition of non-GNU projects at the time it was established. If it is for real, not a bug, then this a new thing of 2004. > > This is a bit strange; for now I use vanilla sv_users and its old > hardcoded 'www' support, and I get the error from usermod. I wonder > why you didn't get it with the new backend. Well, I must say I don't remember. In my mind, sv_users from the start avoided the non-GNU groups (which should slightly reduce the risk of such issue). But even if it does not, the backend was anyway using patched usermod/useradd in this regard. >> Nowadays, I think ACL solution should be worked on. Having people >> member of more than 32 groups is somehow a no go, especially in the >> web groups case. >> >> The way CVS access to GNU webpages seems to me broken by design, when >> it comes to scalability. Maybe it is time to fix that, instead of >> dealing with it. And ACL may be the way to go. > > I wonder why it is so difficult to be member of more than 32 > (sometimes 16) groups. > > Thanks for your suggestion regarding the ACL. I will keep this in > mind, though the priority right now is to get an easily updatable > version of Savane working at Savannah :) I guess the short solution is to use patched usermod/useradd. In the long run, using ACL instead would be good. Maintaining patches set is not exactly for the best. -- Mathieu Roy +---------------------------------------------------------------------+ | General Homepage: http://yeupou.coleumes.org/ | | Computing Homepage: http://alberich.coleumes.org/ | | Not a native english speaker: | | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english | +---------------------------------------------------------------------+ _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
