[706] in Info-AFS_Redistribution
Re: pts: ID 0 and groups of groups
daemon@ATHENA.MIT.EDU (Dimitris Varotsis)
Wed Apr 8 16:21:50 1992
To: bb-info-afs@CRABAPPLE.SRV.CS.CMU.EDU
From: Dimitris Varotsis <dimitris+@cs.cmu.edu>
Date: Wed, 08 Apr 92 14:26:18 -0400
Peter,
both of the things that you have mentioned are
very desired features and we have tried to implement them
locally here, however, the effort proved to be more than it
was worth. There are too many places in the code that rely
on the fact that pts ids are either positive (users) or negative
(groups) but never 0. Since we tried this about 3 years ago
I can't remember details, but I can remember that it was more
than changing a couple of conditionals, so we simply decided
to use some other id. If you insist that you want the file owner
to appear to be root to the unix utilities you can make sure that
the id assigned to root has the lower 16 bits be 0, say 65536
(since unix user ids are only 16 bits long). It's a hack but it works.
As far as the group of groups is concerned the problem
is that allowing groups to be members of other groups
would require some not so trivial changes to recursively expand
group memberships (not the least of which being detecting conditions
that would cause an infinite recursion). Our solution to this problem
has been to have a script that we use when adding and deleting
users from groups that parses a file which contains a description
of which group should be a subset of which group etc. and then decides
all the groups that the user needs to be added or deleted from.
Although this is not a perfect substitute, since adding for example
a line in the special file that says that group a is a member of
group b will not make any difference for the existing members of
group a, it gives us most of the benefits of having groups being
members of other groups.
Dimitris