shuaijie wang <[email protected]> writes: > I have a daemon process whose ruid is a normal user and euid is root, it > does most of its work under normal user, but occasionally it needs to > change its euid to root to do something, so we can't just change both of > its ruid and euid to normal user. And when I want to create a PAG for > this process, I make this process to fork a child to exec aklog -setpag > to do this, but our linux kernel is 2.6.34, which has keyring feature > enabled, and we found that under this circumstance, the keyring created > by this process belongs to the ruid, not euid, so the keyring created is > root, and the aklog forked by this daemon can't write into this keyring, > thus causing pag creation error. And I've tries many ways to change the > permission of the keyring, but they didn't work.
aklog -setpag is a horrible hack that (IMO) completely breaks the expected inheritance semantics of PAGs. It's also rather fragile and has broken from time to time, since it requires a child process to change internal state of its parent, which is not an operation that's normally supposed to be possible. I would never use it. Instead, create the PAG directly in the parent process using the k_setpag() function provided by libkafs or libkopenafs. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
