cvs commit: src UPDATING (initgroups)
Diomidis Spinellis
dds at aueb.gr
Mon Dec 15 09:51:23 PST 2003
Robert Watson wrote:
> I assume there's not time to change the behavior of 5.2 even to log, but
> we might want to see if there's a simple one-line change that will cover
> 90% of the interesting cases -- i.e., add a two-line change to
> setusercontext() so that it syslogs over the problem if it happens,
> without changing behavior.
Logging was done by default, but the log message (Invalid argument) can
be considered obscure. The change for a better syslog entry (to be
added in 5.2) would be to modify lib/libutil/login_class.c as follows:
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
if (errno == EINVAL)
syslog(LOG_ERR, "initgroups(%s,%lu): user group membership
limit (NGROUPS) exceeded", pwd->pw_name, (u_long)pwd->pw_gid);
else
syslog(LOG_ERR, "initgroups(%s,%lu): %m", pwd->pw_name,
(u_long)pwd->pw_gid);
On STABLE we need to decide whether we make the change completely
configurable as in
#define IGNORE_NGROUP_OVERFLOW /* group membership > NGROUPS is silently
ignored */
or we add only a special case in the login procedure by patching
lib/libutil/login_class.c. This would still leave the change visible to
other applications like daemons. I propose to avoid the special
login_class.c case and have the old behaviour be the default
configuration for all uses of initgroups.
Diomidis - dds@
More information about the cvs-src
mailing list