mwm@eris.BERKELEY.EDU (Mike (No one lives forever.) Meyer) (03/18/87)
In article <15136@sun.uucp> guy%gorodish@Sun.COM (Guy Harris) writes: >How it works: > When you log in, your effective group ID is set to the number > in the group field of your "/etc/passwd" entry. Your group > set is initialized from { group ID in "/etc/passwd" } (union) > <set of groups in "/etc/group" that you belong to> (although Not quite, Guy. I think it's just confusing terminolgy, though. Your effective group id is set from the group field in /etc/passwd. Your group set is the set of groups your in /etc/group, EXCEPT for the group that is your group id. The operation is set difference, not union. In addition, if you use the setregid system call to set your real group id to a group that's in your group set, it will be taken from your group set. A second setregid back to the original group id will not put things back, so that the group will have vanished from your group set. The semantics of the gid/group set aren't very clean. If you're going to be writing code that dynamically deals with either one, be carefull, or you'll surprise yourself. Finally, notice that Guy's limit of 16 users is 4.3BSD. It was 8 in 4.2. <mike -- But I'll survive, no you won't catch me, Mike Meyer I'll resist the urge that is tempting me, ucbvax!mwm I'll avert my eyes, keep you off my knee, mwm@berkeley.edu But it feels so good when you talk to me. mwm@ucbjade.BITNET
decot@hpisod2.HP.COM (Dave Decot) (03/19/87)
> In article <15054@sun.uucp>, guy%gorodish@Sun.COM (Guy Harris) writes: > > >For files that need to be accessed by groups of people, the BSD group list > > >concept really works much better (does Sys V have an analog to this?) > > > > No. > > Pardon my ignorance of BSD, but what's wrong with the use of group permissions > and /etc/group in Sys V for group access? We've used it (on several projects) > for years and it's worked quite well. > > Evelyn C. Leeper Nothing is wrong with it until you decide that you want to access files belonging to two different groups in the same process. BSD has a list of groups for each process. Dave Decot hpda!decot
guy@gorodish.UUCP (03/24/87)
>>Nothing is wrong with it until you decide that you want to access files >>belonging to two different groups in the same process. BSD has a list >>of groups for each process. > >/etc/group in SysV does the same thing. No, it doesn't. "/etc/group" in systems that haven't picked up the 4.2BSD "group set" notion merely indicates which people can "newgrp" to a particular group. A process can only have one group that it belongs to. If you want to access a file that's only accessible to members of a particular group, and you're not currently running with that as your group ID, you have to "newgrp" to that group. In systems that have picked up the 4.2BSD "group set" notion, "login" adds the first N (for some value of N, ~8 on 4.2BSD, ~16 on 4.3BSD) groups that a user is listed as a member of to the "group set" for that user's login shell process. (It uses "/etc/group" for this, of course; the file has the same format that it does in other UNIX systems.) That process, and its descendants (unless they change their effective group ID or group set), can access files accessible to any of those groups.