From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22401 invoked by alias); 20 Aug 2011 09:05:08 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 29714 Received: (qmail 20818 invoked from network); 20 Aug 2011 09:04:56 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received-SPF: none (ns1.primenet.com.au: domain at vinc17.net does not designate permitted sender hosts) Date: Sat, 20 Aug 2011 11:04:50 +0200 From: Vincent Lefevre To: zsh-workers@zsh.org Subject: Re: PATCH Re: "Once-a-day" long delay before startup Message-ID: <20110820090450.GN1685@prunille.vinc17.org> Mail-Followup-To: zsh-workers@zsh.org References: <20110814145749.GA6341@andrew.cmu.edu> <4E4D8D50.5040800@gmail.com> <20110819020336.GA21062@andrew.cmu.edu> <110818210558.ZM20788@torch.brasslantern.com> <20110820004710.GA4085@andrew.cmu.edu> <110820001325.ZM23133@torch.brasslantern.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <110820001325.ZM23133@torch.brasslantern.com> X-Mailer-Info: http://www.vinc17.net/mutt/ User-Agent: Mutt/1.5.21-6194-vl-r44775 (2011-07-13) On 2011-08-20 00:13:25 -0700, Bart Schaefer wrote: > This implements Vincent's suggestion of searching for group-writable > directories in compaudit and doing the getent only if some are found. > Doesn't help much on an RHEL-derived system because everyone is in > their own group and the default umask is group-writable, but maybe > it helps somebody. I don't think this depends on the system or Linux distribution, but rather on the network environment. For instance, with Debian by default, everyone is also in his own group (and I think that the default umask is group-writable, but I override that). But at my lab (where Debian is also used), in a LDAP/NFS environment, the default group contains all the users of the lab, and there are also groups for each team. Of course, in such an environment, the umask is not group-writable. So, I would say that in the typical case where getent could be slow, with a network file system and many users, the user is generally in some non-private group (a private group would be redundant with the owner, and a non-private group allows more possibilities -- that's why the notion of group has been created) and for security reasons, the default umask is not group-writable. Whether the default umask is group-readable or not is an even-more local choice, but doesn't matter here. That's why I think that the change should be benefic in general. -- Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog: Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)