We decided on /etc/corosync as the dir, not /etc/ais for the uidgid.d directory. Other then that looks good
regards -steve On Thu, 2009-05-14 at 11:49 +0200, Jan Friesse wrote: > Attached is second version of patch. > > Read from dir uses better name for function (no security but rather > uidgid) so it's included too. Take it as a version, which will be > back-ported to RHEL 5. > > Regards, > Honza > > Steven Dake wrote: > > rename "security" as an objdb key to "uidgid". > > > > The uid || gid should be valid, not requiring an and operation. > > > > On Wed, 2009-05-13 at 18:21 +0200, Jan Friesse wrote: > >> Attached is first version of support for multiple security items (uid-gid). > >> > >> First question what I have. I'm currently testing uid and gid as a pair, > >> so user process must have gid and uid (not only uid or gid). Is that > >> correct, or you will rather see something, what will check uid OR gid? > >> (From my point of view, both solution are acceptable and both have some > >> pros/cons, so I think, there should be major consensus) > >> > > or operation > > > >> Second question. Items are cached, but in list. Steve talked something > >> about, that this is fast path, so isn't list some performance killer? If > >> yes, I think we can use: > >> - hash table (red black tree/...) in case 1. question will be answered, > >> that we should check uid and gid as a pair > >> - bit-array of uid and gid, if 1. question will be answered uid OR gid > >> > > A list should be ok for now. > > > >> Third question. I'm not sure, if I should implement some reloading stuff > >> or not. Because in current implementation, ug_config.uid/gid are never > >> reloaded, and only logstuff is reloaded. > >> > > > > followup patch imo > > > >> Fourth think. From my point of view. ug_config.uid/gid no longer make > >> sense to be used for IPC authentifications (becase this patch should be > >> full and better replacement), so second patch (corosync-remove-...) > >> removes this. > >> > > > > ok > > > >> And last think. Can please somebody with native English language update > >> manual pages? Of course I can do that, but ... I'm not sure that my > >> Czechlish is understandable to anybody different then me, and you, as my > >> colleagues ;) > >> > > > > right up there with root canals. The man pages need love, and we will > > get to them eventually. > > > > Regards > > -steve > > > >> Regards, > >> Honza > >> _______________________________________________ > >> Openais mailing list > >> Openais@lists.linux-foundation.org > >> https://lists.linux-foundation.org/mailman/listinfo/openais > > > _______________________________________________ Openais mailing list Openais@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/openais