On Thu, Jun 22, 2006 at 01:01:38AM +0200, [EMAIL PROTECTED] wrote: > I'm not sure if I like the name, then; nor the emphasis on the > euid/egid (as those terms are not commonly used in the kernel; > there's a reason why the effective uid was cr->cr_uid and not cr_euid. > > In other words, what your are doing is creating a "nobody" user with > an ordinary user id.
Yes. It's kind of enticing. > In that case, the fact of having five different privileges to > shadow the five FILE privileges is perhaps going overboard. > > It's also perhaps more easily understood when referred to in the > frame of reference of an anonymous user. > > There are also some other strange corner cases; e.g., opening files > in /tmp with a umask other than 0. As I interpret the proposal file creation in /tmp would succeed, but opening existing files owned by the process' actual euid cannot be opened if thes basic privs are dropped. How would dropping this basic priv work with NFS though? Nico -- _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
