'Re: [fuse-devel] getgroups() versus getgrouplist()'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fuse-devel
Subject:    Re: [fuse-devel] getgroups() versus getgrouplist()
From:       Jean-Pierre ANDRE <jean-pierre.andre () wanadoo ! fr>
Date:       2009-06-24 16:19:17
Message-ID: 30658795.1539.1245860357444.JavaMail.www () wwinf1512
[Download RAW message or body]

Hi,




> Message du 23/06/09 20:16
> De : "Werner Baumann" 
> A : fuse-devel@lists.sourceforge.net
> Copie Ă  : 
> Objet : Re: [fuse-devel] getgroups() versus getgrouplist()
> 
> 
> Maybe I am missing the point:
> 
> Instead of looking for a function that takes an UID and returns the list
> of groups the user is member of, you may use a function that takes a
> GID and returns the list of users that are member of this group. For
> checking permissions you probably want to check whether the user belongs
> to the group of the file in question, so you know the group.
> 
> struct group *getgrnam(const char *name)
> struct group *getgrgid(gid_t gid)
> 
> To check wether the calling user has permissions for the requested
> action, you will have to take three steps
> 
> - take the UID of the requesting user and compare it to the file UID
> - take the primary group of the requesting user and compare it to the
> file GID
> - take the file GID, get the list of users that are member of this
> group and compare it to the UID of the requesting user.
> 

This means the needed function must only have a uid and a gid
arguments, and reply whether the uid is member of the gid group.
No list is needed for input or output, which saves the burden of
allocating and freeing variable lists. (I did so for ntfs-3g, so I am
sure it is possible, even when dealing with ACLs).


Regards

Jean-Pierre


> Of course you can stop as soon as a match is found that allows the
> action.
> 
> There is surely the drawback that these functions return the names of
> the users (not the numerical id) and you need to do string comparision.
> But they are part of POSIX and are not fixated on /etc/passwd.
> 
> Werner
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> fuse-devel mailing list
> fuse-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fuse-devel
> 
>
------------------------------------------------------------------------------
_______________________________________________
fuse-devel mailing list
fuse-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fuse-devel

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic