Thor Lancelot Simon <t...@panix.com> wrote: > > At this point, I think I will fetch secondary groups through sysctl, > > this seems to be the point of least resistance. > > You are not worried about security issues resulting from the fact > that time will pass, and the process may do other operations which > modify its credentials, before the operation completes?
I explored the option of modifying the FUSE protocol, and that is though. We can easily negociate an extended FUSE header that contains secondary groups, and I already submitted a patch that does exactly that, but then we face two conflicting requirements: - a fixed lentgh header is highly desirable for performance optimization. For instance glusterfs fetches the header and the data using readv(2) with an iovec that has two slots. That way it gets write date aligned on a page boundary. - a fixed length header means an array of secondary groups with NGROUPS_MAX slots, but Linux's NGROUPS_MAX is 65536, which means an insane waste of space. Therefore we need an array of secondary groups that is not bigger than the used slots. As a tradeoff between the two requirements, I proposed that the filesystem could request a minimum size for secondary group array. That way, the header would be of fixed length most of the time, except when there are many groups (something that can only happen on Linux: NetBSD's NGROUPS_MAX is much more reasonable). Big amount of secondary groups kill write optimization, but the filesystem can always be configured to request on initialization a bigger minimal secondary group aray size, if desired. That last proposal has been considered "a series of hacks to make it confirm to the requirements", therefore I am left with fetching secondary groups asynchrnously through sysctl. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org