Re: UID/GID mapping system

From: Søren Hansen
Date: Thu Mar 11 2004 - 03:25:40 EST

ons, 2004-03-10 kl. 22:41 skrev Jesse Pollard:
> > > > > and unlimited number of groups assigned to a single user?
> > > > No. That's not my problem, is it? I just provide the mapping system.
> > > but the mapping system has to be able to handle it.
> > How do you figure that?
> I should have said "designed to handle it" in a future expansion. I was
> wrong in making 64 bits as important as it looks.

I'm not talking about the 64 bits uid's and gid's. I'm talking about the
mapping system having to handle users' group memberships. Why would it
have to do that?

> > > > The maps are on the client, so that's no issue. The trick is to make it
> > > > totally transparent to the filesystem being mounted, be it networked or
> > > > non-networked.
> > > The server cannot trust the clients to do the right thing.
> > The server can't trust the client as it is now anyway. The client can do
> > whatever it wants already. There is no security impact as I see it.
> Ah - but if the server refuses to map the uid then the server is more
> protected.

Yes. I know. This is not the problem i was trying to fix. This
discussion is going nowhere.
If I redesigned the way house doors worked, you'd be moaning about the
fact that the TV inside the house might be broken or stolen by someone
who enters the house. That's true. It might very well be. The only way
to secure it is to give your key to noone. The second you give you key
to someone else, you're basically fscked. And of course I know this is a
problem. It's a huge problem. I hope someone will fix it some day. It is
not, however, what I'm trying to do here.

Salu2, Søren.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at