aglew%mycroft@gswd-vms.arpa (Andy Glew) (03/18/87)
>Your group > set is initialized from { group ID in "/etc/passwd" } (union) > <set of groups in "/etc/group" that you belong to> (although > if this exceeds 16, only the first 16 groups are used). > >There is no "newgrp" command in 4.[23]BSD; it's not needed. Only 16 -/- "newgrp" not needed. Really? Andy "Krazy" Glew. Gould CSD-Urbana. USEnet: ihnp4!uiucdcs!ccvaxa!aglew 1101 E. University, Urbana, IL 61801 ARPAnet: aglew@gswd-vms.arpa
guy%gorodish@Sun.COM (Guy Harris) (03/19/87)
>>There is no "newgrp" command in 4.[23]BSD; it's not needed. > >Only 16 -/- "newgrp" not needed. > >Really? I know of nobody who has needed "newgrp" under 4.[23]BSD. If you have source, you could boost the maximum group set size; if you don't, you might be able to get your vendor to do so. 64 wouldn't be totally horrible (although you'd probably be advised to change the algorithm for permissions checking, since you probably don't want to linearly scan a 64-element list on every permissions check); if you need to be in that many groups, maybe you should be thinking about adding ACLs to your system instead.... Do you have any evidence to the contrary, or is this just speculation?
rbj@icst-cmr.arpa (03/24/87)
From: Guy Harris <guy%gorodish@Sun.COM> >>There is no "newgrp" command in 4.[23]BSD; it's not needed. > >Only 16 -/- "newgrp" not needed. > >Really? I know of nobody who has needed "newgrp" under 4.[23]BSD. If you have source, you could boost the maximum group set size; if you don't, you might be able to get your vendor to do so. 64 wouldn't be totally horrible (although you'd probably be advised to change the algorithm for permissions checking, since you probably don't want to linearly scan a 64-element list on every permissions check); if you need to be in that many groups, maybe you should be thinking about adding ACLs to your system instead.... Do you have any evidence to the contrary, or is this just speculation? I think this is an operations/administration problem. Newgrp would be nice for dynamically allowing membership into a specific group, and avoid the runtime-check-all-groups Guy mentions above. On the other hand, it would require a way to dynamically change the passwd on group files (passwd -g?). While this is not a technical problem (btw, did TPC ever hack a program to change group passwords?), it creates the hassle of informing the right people of group password changes. So, it might be nice, but ... (Root Boy) Jim "Just Say Yes" Cottrell <rbj@icst-cmr.arpa> I once decorated my apartment entirely in ten foot salad forks!!