[PATCH 2/2] KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches
nico at cryptonector.com
Fri Aug 2 16:20:07 EDT 2013
On Fri, Aug 2, 2013 at 8:55 AM, Jeff Layton <jlayton at redhat.com> wrote:
> Isn't it possible to have a valid uid of (unsigned int)-1? I know that
> at least some sites use that for "nobody". Why not just require passing
> in the correct UID?
POSIX requires valid UIDs to be non-nengative. POSIX does not require
uid_t to be signed or unsigned. POSIX does make use of (uid_t)-1 as a
sentinel (e.g., in setreuid(2)). (uid_t)-1 is special. Do not use
As an aside, note that on Solaris 10 and less uid_t was signed, so
UIDs 2^31..2^32-2 were unusable. Interop with S10 and less requires
that you not use such UIDs. Ditto gid_t and GIDs.
Also note that in Solaris 11 uid_t is unsigned BUT the range of UIDs
2^31..2^32-2 is still reserved (for automatic, on-demand,
non-persistent allocation for ID mapping purposes). Interop with S11
requires that you not use such UIDs. Ditto gid_t and GIDs.
More information about the krbdev