FW: Speed comp. TNG & 2.2.alpha (fwd)
Peter Samuelson
peter at cadcamlab.org
Thu Mar 1 08:03:47 GMT 2001
[Andrew Bartlett]
> The way to tell if a group is a private group is fairly simple - a
> simple getgrnam call tells you if there are any non-primary members
Are you sure? The man page on my system does not actually say that.
Sure, the usual Unix implementation of getgrnam() only reads /etc/group
and not /etc/passwd, but thanks to NSS, many people do not use the
usual Unix implementation of getgrnam() anymore.
Also consider AIX: the 'mkuser' utility automatically puts you in
/etc/group. (I know this because I had to debug it once: I was
creating hundreds of users from a script, and managed to exceed the
line length limit of some tool that reads /etc/group.)
> A final check would be if no other users have this as their primary
> gid.
So you have to iterate through getpwent() every time? Bad. Remember,
systems like NIS are optimized for getpwnam() -- it is *much* more
efficient than a loop through getpwent(). (Granted, with a local
/etc/passwd file they are equivalent.)
> In any case, it would be good to get a list of all groups on a system
> and not see all the private groups setup for each individual user
> when all I want to see is admins, staff and students - if you see
> what I mean.
Here's another way to attack the problem. Samba could have a magic NT
group name (say 'nogroup') defined to be invisible to clients, and a
syntax for a wildcard Unix group name in your group map file.
Peter
More information about the samba-technical
mailing list