This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: getgrouplist implementation


   From: Ulrich Drepper <drepper@redhat.com>
   Date: 09 Jun 2001 23:43:43 -0700

   Mark Kettenis <kettenis@wins.uva.nl> writes:

   > Here is a patch that implements getgrouplist() from 4.4 BSD.  We
   > really need this to handle supplementary group ID's in the Hurd and
   > implementing it outside glibc would be pretty hard.

   Give me some more details, please.  I've never come across a situation
   where it is used and don't want to add cruft for all platforms just
   because BSD did it.

Basically you would use it in a situation where you're interested in a
user's suplementary group IDs, but where you do not want to set them
(or at least not yet).  You could roll your own getgrouplist() using
getgrent(), but that wouldn't be terribly efficient and probably even
miss out groups if you use NSS backends like NIS+ or Hesiod.

OpenSSH uses getgrouplist() to implement some access control based on
suplementary group IDs.

In the Hurd we have a lot more flexibility with respect to user and
group IDs than on traditional UNIX.  That's why we need to fetch a
complete list of supplementary group ID's and fiddle with those
instead of calling initgroups().

Mark


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]