[PATCH 2/2] KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches

[Nico Williams]

On Fri, Aug 2, 2013 at 8:55 AM, Jeff Layton <jlayton at redhat.com> wrote:
> Isn't it possible to have a valid uid of (unsigned int)-1? I know that
> at least some sites use that for "nobody". Why not just require passing
> in the correct UID?

POSIX requires valid UIDs to be non-nengative.  POSIX does not require
uid_t to be signed or unsigned.  POSIX does make use of (uid_t)-1 as a
sentinel (e.g., in setreuid(2)).  (uid_t)-1 is special.  Do not use
it.

As an aside, note that on Solaris 10 and less uid_t was signed, so
UIDs 2^31..2^32-2 were unusable.  Interop with S10 and less requires
that you not use such UIDs.  Ditto gid_t and GIDs.

Also note that in Solaris 11 uid_t is unsigned BUT the range of UIDs
2^31..2^32-2 is still reserved (for automatic, on-demand,
non-persistent allocation for ID mapping purposes).  Interop with S11
requires that you not use such UIDs.  Ditto gid_t and GIDs.

Nico
--