Zsh Mailing List Archive

Re: PATCH Re: "Once-a-day" long delay before startup

On 2011-08-20 00:13:25 -0700, Bart Schaefer wrote:
> This implements Vincent's suggestion of searching for group-writable 
> directories in compaudit and doing the getent only if some are found.
> Doesn't help much on an RHEL-derived system because everyone is in
> their own group and the default umask is group-writable, but maybe
> it helps somebody.

I don't think this depends on the system or Linux distribution,
but rather on the network environment. For instance, with Debian
by default, everyone is also in his own group (and I think that
the default umask is group-writable, but I override that). But
at my lab (where Debian is also used), in an LDAP/NFS environment,
the default group contains all the users of the lab, and there
are also groups for each team. Of course, in such an environment,
the umask is not group-writable.

So, I would say that in the typical case where getent could be slow,
with a network file system and many users, the user is generally in
some non-private group (a private group would be redundant with the
owner, and a non-private group allows more possibilities -- that's
why the notion of group has been created) and for security reasons,
the default umask is not group-writable. Whether the default umask
is group-readable or not is an even more local choice, but doesn't
matter here.

That's why I think that the change should be beneficial in general.

Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
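
The approach discussed in this thread (look for group-writable directories first, and query the group database only when one is found), as an added sketch that is not part of the original message and is not compaudit's code. The names `group_members`, `has_perm` and `audit_dirs` are hypothetical, and the getent member field is treated as the full group membership, which is a simplification.

```shell
#!/bin/sh
# Added illustration; NOT the code of zsh's compaudit.

# group_members GID: print the comma-separated member field of a group.
# This is the only step that queries the (possibly LDAP-backed) group
# database. Simplification: that field lists supplementary members only,
# not users who have GID as their primary group.
group_members() {
    getent group "$1" | cut -d: -f4
}

# has_perm DIR MODE: succeed if DIR itself has all permission bits in MODE.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_dirs USER DIR...: print each directory that someone other than
# USER could write to; exit status is 1 if any were printed.
# The body is a subshell so that its variables stay local.
audit_dirs() (
    user=$1; shift
    rc=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        if has_perm "$dir" 002; then        # world-writable: always reported
            printf '%s\n' "$dir"; rc=1; continue
        fi
        has_perm "$dir" 020 || continue     # not group-writable: no lookup
        gid=$(ls -ldn "$dir" | awk '{print $4}')
        case $(group_members "$gid") in
            ''|"$user") ;;                  # group is private to USER
            *) printf '%s\n' "$dir"; rc=1 ;;
        esac
    done
    exit "$rc"
)
```

With a umask that is not group-writable, as in the LDAP/NFS setup described above, the loop never reaches `group_members`, so the slow lookup is skipped entirely.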
