[2199] in Release_7.7_team


Re: Fwd: A question about how groups get handled

daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Apr 4 16:37:29 2000

Message-Id: <200004042037.QAA17447@vorpal-blade.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: Tim McGovern <tjm@MIT.EDU>
cc: Greg Hudson <ghudson@MIT.EDU>, release-team@MIT.EDU, grouper@MIT.EDU
In-reply-to: Your message of "Tue, 04 Apr 2000 15:13:43 EDT."
             <v04020a05b50fea9add06@[18.152.1.21]> 
Date: Tue, 04 Apr 2000 16:37:01 -0400


> 1. If the /etc/groups file comes from Hesiod's list, is there any way to
> predict what order _that_ list is in, or if Moira determines the order,
> what is _that_? 

Moira does, in fact, determine the order of the groups both in the
hesiod server, and in the credentials file on the NFS server (it is
necessary to be listed in both places in order to have access).  It is
possible to predict, but not guarantee what order moira will use when
creating a user's group list.  I believe that it is currently the case
that the most recently created lists in moira are the ones that are
most likely to appear in a user's group list.  Please note, however,
that this is an artifact of the current implementation, not a guarantee.

> BTW, do I infer correctly that the order may be quite
> unpredictable depending on what's already in the file on the machine?

That is correct.

> 2. We understand that the /etc/groups file controls access to NFS servers.
> Otherwise, the file seems to contain pretty random and useless entries for
> most people.  What else uses the file? Is there some UNIX dependency on the
> file that isn't normally visible?

For all intents and purposes, kNFS is the only thing that cares.

>  Oh, and speaking of visible or not, is there a clear definition of
> what it means for a list to be "visible" vs.  "hidden"?

Not really.  Ideally, hidden would mean that there is no way for
anyone besides the list owner, and people with special privileges (eg,
accounts, dbadmin, etc.) to see the attributes (ie, blanche -i) or
membership of the list.  However, if you know a list's name it is
currently possible to trick various parts of our infrastructure into
telling you various things about the list. 

	Jonathon
