From mboxrd@z Thu Jan 1 00:00:00 1970 From: erik quanstrom Date: Sun, 17 Oct 2010 19:00:24 -0400 To: 9fans@9fans.net Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] permissions Topicbox-Message-UUID: 68dc3240-ead6-11e9-9d60-3106f5b1d025 > set. In fact, there's no requirement that the intersection of > the sets be non-empty. it's typically assumed that the intersection is not empty. > So for in-kernel file servers, it's best to look at them as hostowner > and world and forget about groups. For lib9p based servers, > you can link in a different implementation of hasperm() and > get whatever permissions checking you want, but the default > behavior is to assume that the named group has exactly one > member: the group leader. that is the current situation. but there is no reason that the auth protocol can't also inform the local kernel of the groups a user belongs to. this would tie groups to an auth domain, rather than a fileserver and would reduce some confusion, i think. - erik