zsh-workers
* PATCH Re: "Once-a-day" long delay before startup
       [not found]       ` <20110820004710.GA4085@andrew.cmu.edu>
@ 2011-08-20  7:13         ` Bart Schaefer
  2011-08-20  9:04           ` Vincent Lefevre
  0 siblings, 1 reply; 2+ messages in thread
From: Bart Schaefer @ 2011-08-20  7:13 UTC (permalink / raw)
  To: zsh-workers

This implements Vincent's suggestion of searching for group-writable 
directories in compaudit and doing the getent only if some are found.
Doesn't help much on an RHEL-derived system because everyone is in
their own group and the default umask is group-writable, but maybe
it helps somebody.

Please check my work on that first assignment to _i_wdirs.  It's the
same as the "else" clause of the $GROUPMEM == $LOGNAME branch, which
I think is the right place from which to start checking.

Index: Completion/compaudit
--- ../zsh-forge/current/Completion/compaudit	2005-02-27 11:40:17.000000000 -0800
+++ Completion/compaudit	2011-08-20 00:07:53.000000000 -0700
@@ -82,19 +82,6 @@
 
 [[ $_i_fail == use ]] && return 0
 
-# RedHat Linux "per-user groups" check.  This is tricky, because it's very
-# difficult to tell whether the sysadmin has put someone else into your
-# "private" group (e.g., via the default group field in /etc/passwd, or
-# by NFS group sharing with an untrustworthy machine).  So we must assume
-# that this has not happened, and pick the best group.
-
-local GROUP GROUPMEM _i_pw _i_gid _i_ulwdirs
-if ((UID == EUID )); then
-  getent group $LOGNAME | IFS=: read GROUP _i_pw _i_gid GROUPMEM
-else
-  getent group $EGID | IFS=: read GROUP _i_pw _i_gid GROUPMEM
-fi
-
 # We search for:
 # - world/group-writable directories in fpath not owned by root and the user
 # - parent-directories of directories in fpath that are world/group-writable
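Review bot: The `local GROUP GROUPMEM _i_pw _i_gid _i_ulwdirs` line removed here was unconditional, but the patch re-adds it only inside the new `if (( $#_i_wdirs ))` block, so when no suspect directories are found none of these names are declared local. `_i_ulwdirs` is not assigned anywhere in the visible lines; if code further down the function sets it, that assignment would create a global in the caller's shell whenever the guard is skipped. Keeping the `local` line at this position and moving only the comment and the two `getent` calls would preserve the old scoping.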
@@ -105,12 +92,27 @@
 # - and for files in directories from fpath not owned by root and the user
 #   (including zwc files)
 
-if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]; then
-  _i_wdirs=( ${^fpath}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID})
-             ${^fpath:h}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) )
-else
-  _i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^u0u${EUID})
-             ${^fpath:h}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) )
+_i_wdirs=( ${^fpath}(N-f:g+w:,-f:o+w:,-^u0u${EUID})
+           ${^fpath:h}(N-f:g+w:,-f:o+w:,-^u0u${EUID}) )
+
+# RedHat Linux "per-user groups" check.  This is tricky, because it's very
+# difficult to tell whether the sysadmin has put someone else into your
+# "private" group (e.g., via the default group field in /etc/passwd, or
+# by NFS group sharing with an untrustworthy machine).  So we must assume
+# that this has not happened, and pick the best group.
+
+if (( $#_i_wdirs )); then
+  local GROUP GROUPMEM _i_pw _i_gid _i_ulwdirs
+  if ((UID == EUID )); then
+    getent group $LOGNAME | IFS=: read GROUP _i_pw _i_gid GROUPMEM
+  else
+    getent group $EGID | IFS=: read GROUP _i_pw _i_gid GROUPMEM
+  fi
+
+  if [[ $GROUP == $LOGNAME && ( -z $GROUPMEM || $GROUPMEM == $LOGNAME ) ]]
+  then
+    _i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) )
+  fi
 fi
 
 if [[ -f /etc/debian_version ]]
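Review bot: The narrowing assignment `_i_wdirs=( ${^_i_wdirs}(N-f:g+w:^g:${GROUP}:,-f:o+w:,-^u0u${EUID}) )` is correct only because everything the private-group qualifiers match is also matched by the looser first pass, and no comment states that dependency. On the first assignment you asked about: it is the removed `else` branch unchanged, and since `^g:${GROUP}:` only adds a restriction to the `g+w` alternative while the `o+w` and `^u0u${EUID}` alternatives are identical, re-globbing the collected paths yields the same list the old private-group branch produced. A short comment above `if (( $#_i_wdirs ))` saying that the guard exists to skip `getent` when nothing was flagged, and that the inner glob re-tests paths already collected, would keep a later edit to either qualifier list from silently breaking the equivalence.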



* Re: PATCH Re: "Once-a-day" long delay before startup
  2011-08-20  7:13         ` PATCH Re: "Once-a-day" long delay before startup Bart Schaefer
@ 2011-08-20  9:04           ` Vincent Lefevre
  0 siblings, 0 replies; 2+ messages in thread
From: Vincent Lefevre @ 2011-08-20  9:04 UTC (permalink / raw)
  To: zsh-workers

On 2011-08-20 00:13:25 -0700, Bart Schaefer wrote:
> This implements Vincent's suggestion of searching for group-writable 
> directories in compaudit and doing the getent only if some are found.
> Doesn't help much on an RHEL-derived system because everyone is in
> their own group and the default umask is group-writable, but maybe
> it helps somebody.

I don't think this depends on the system or Linux distribution,
but rather on the network environment. For instance, with Debian
by default, everyone is also in his own group (and I think that
the default umask is group-writable, but I override that). But
at my lab (where Debian is also used), in an LDAP/NFS environment,
the default group contains all the users of the lab, and there
are also groups for each team. Of course, in such an environment,
the umask is not group-writable.

So, I would say that in the typical case where getent could be slow,
with a network file system and many users, the user is generally in
some non-private group (a private group would be redundant with the
owner, and a non-private group allows more possibilities -- that's
why the notion of group has been created) and for security reasons,
the default umask is not group-writable. Whether the default umask
is group-readable or not is an even-more local choice, but doesn't
matter here.

That's why I think that the change should be beneficial in general.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)

