In-kernel pfexec implementation. [PSARC/2009/377 FastTrack timeout 07/10/2009]
Darren J Moffat
Darren.Moffat at sun.com
Mon Jul 6 01:29:55 PDT 2009
Casper.Dik at Sun.COM wrote:
>
>> PSARC 2005/133 covers the introduction of per-user nscd.
>>
>> It is enabled by setting 'enable-per-user-lookup'.
>
> Are you expecting that exec_attr and such will fail when they are
> attempted by root?
I guess it is possible but unlikely. I was really just pointing out
that for the case where 'enable-per-user-lookup' is set there will be a
difference in the creds used to lookup the entries. I guess in theory
there could be an 'intelligent' LDAP server that returns different
exec_attr entries based on what the calling creds were. This case would
break that. However I'm not sure if that is important or not.
--
Darren J Moffat
More information about the opensolaris-arc
mailing list