The Protection Service groups fall into two categories: those with explicit membership lists and those with implicit membership lists. For example, the "system:anyuser" and "system:authuser" groups are implicit, whereas the "system:administrators", "system:ptsviewers", and "system:authuser@foreign-realm" groups are explicit.

The output of "pts membership" only includes memberships in explicit membership groups. This has a negative impact on inexperienced end users who might be unaware that they are members of the "system:anyuser" and "system:authuser" groups. This behavior also leads to an inconsistency between foreign and local users, because foreign users are not members of "system:authuser" but are members of "system:authuser@foreign", which is included in the membership list because that group has an explicit membership list.

The AuriStorFS Protection service also makes a distinction between "user" and "machine" or "network" entities, where "machine" and "network" entities are not members of the "system:authuser" or "system:authuser@foreign" groups. This distinction is not apparent from the output of "pts membership" because of the exclusion of implicit groups.

AuriStor is considering changing the output of "pts membership" to include implicit memberships. With this change the output of these commands

  $ pts membership anonymous
  Groups anonymous (id: 32766) is a member of:

  $ pts membership testuser
  Groups anonymous (id: 112) is a member of:

  $ pts membership testuser@foreign
  Groups anonymous (id: 43282) is a member of:
    system:authuser@foreign

becomes

  $ pts membership anonymous
  Groups anonymous (id: 32766) is a member of:
    system:anyuser

  $ pts membership testuser
  Groups anonymous (id: 112) is a member of:
    system:anyuser
    system:authuser

  $ pts membership testuser@foreign
  Groups anonymous (id: 43282) is a member of:
    system:authuser@foreign
    system:anyuser

The question for cell admins is whether anyone is aware of any internal scripts that process the output of "pts membership" and would break as a result of the inclusion of the implicit groups "system:anyuser" and "system:authuser" in the output.
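As an added example (not part of this message and not AuriStorFS code), a small Python parser for "pts membership" output that separates implicit from explicit groups, so a script that relied on the current output gets the same result under the proposed format. The header layout and the sample outputs are constructed here from the transcripts above.

```python
import re
from typing import List, NamedTuple

# Groups with implicit membership lists; the proposed output would add these.
IMPLICIT_GROUPS = frozenset({"system:anyuser", "system:authuser"})

# Header as shown in the transcripts: Groups <name> (id: <n>) is a member of:
HEADER_RE = re.compile(r"^Groups (?P<name>\S+) \(id: (?P<id>-?\d+)\) is a member of:$")

class Membership(NamedTuple):
    name: str
    id: int
    groups: List[str]

def parse_pts_membership(output: str) -> Membership:
    """Parse 'pts membership <entity>' text: one header line, then one
    indented group name per line. Blank lines are ignored."""
    header = None
    groups: List[str] = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if header is None:
            header = HEADER_RE.match(line)
            if header is None:
                raise ValueError(f"unexpected line before header: {raw!r}")
            continue
        groups.append(line)
    if header is None:
        raise ValueError("no 'Groups ... is a member of:' header found")
    return Membership(header["name"], int(header["id"]), groups)

def is_implicit(group: str) -> bool:
    # Only the realm-less local forms are implicit; "system:authuser@realm"
    # has an explicit membership list and must be kept.
    return group in IMPLICIT_GROUPS

def explicit_groups(output: str) -> List[str]:
    """Groups with explicit membership lists, in output order; the same
    under the current and the proposed output format."""
    return [g for g in parse_pts_membership(output).groups if not is_implicit(g)]

# Constructed samples modelled on the before/after transcripts above.
OLD_TESTUSER = "Groups testuser (id: 112) is a member of:\n"
NEW_TESTUSER = OLD_TESTUSER + "  system:anyuser\n  system:authuser\n"
NEW_FOREIGN = ("Groups testuser@foreign (id: 43282) is a member of:\n"
               "  system:authuser@foreign\n  system:anyuser\n")
```

Filtering on `is_implicit` rather than on the line count is what keeps such a script stable across the format change.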

Your assistance is appreciated.

Jeffrey Altman
AuriStor, Inc.
