From: Vincent Lefevre <vincent@vinc17.net>
To: zsh-workers@zsh.org
Subject: Re: PATCH Re: "Once-a-day" long delay before startup
Date: Sat, 20 Aug 2011 11:04:50 +0200 [thread overview]
Message-ID: <20110820090450.GN1685@prunille.vinc17.org> (raw)
In-Reply-To: <110820001325.ZM23133@torch.brasslantern.com>
On 2011-08-20 00:13:25 -0700, Bart Schaefer wrote:
> This implements Vincent's suggestion of searching for group-writable
> directories in compaudit and doing the getent only if some are found.
> Doesn't help much on an RHEL-derived system because everyone is in
> their own group and the default umask is group-writable, but maybe
> it helps somebody.
I don't think this depends on the system or Linux distribution,
but rather on the network environment. For instance, with Debian
by default, everyone is also in his own group (and I think that
the default umask is group-writable, but I override that). But
at my lab (where Debian is also used), in a LDAP/NFS environment,
the default group contains all the users of the lab, and there
are also groups for each team. Of course, in such an environment,
the umask is not group-writable.
So, I would say that in the typical case where getent could be slow,
with a network file system and many users, the user is generally in
some non-private group (a private group would be redundant with the
owner, and a non-private group allows more possibilities -- that's
why the notion of group has been created) and for security reasons,
the default umask is not group-writable. Whether the default umask
is group-readable or not is an even-more local choice, but doesn't
matter here.
That's why I think that the change should be benefic in general.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
prev parent reply other threads:[~2011-08-20 9:05 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20110814145749.GA6341@andrew.cmu.edu>
[not found] ` <4E4D8D50.5040800@gmail.com>
[not found] ` <20110819020336.GA21062@andrew.cmu.edu>
[not found] ` <110818210558.ZM20788@torch.brasslantern.com>
[not found] ` <20110820004710.GA4085@andrew.cmu.edu>
2011-08-20 7:13 ` Bart Schaefer
2011-08-20 9:04 ` Vincent Lefevre [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110820090450.GN1685@prunille.vinc17.org \
--to=vincent@vinc17.net \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).