Subject: Re: bin/18222: patch to allow a uid or gid of (-2) matching default NFS mapping for remote root users
To: None <netbsd-bugs@netbsd.org, gnats-bugs@gnats.netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 09/07/2002 17:01:00
[ On Saturday, September 7, 2002 at 19:44:09 (+0100), David Laight wrote: ]
> Subject: Re: bin/18222: patch to allow a uid or gid of (-2) matching default NFS mapping for remote root users
>
> On Sat, Sep 07, 2002 at 07:23:10PM +0100, David Laight wrote:
> > > >Synopsis:       patch to allow a uid or gid of (-2) matching default
> > >		   NFS mapping for remote root users
> > > 
> > > 	increase UID_MAX and GID_MAX to (UINT_MAX-1)
> > 
> > Wouldn't it be better to use (~(uid_t)0 - 1) and (~(gid_t)0 - 1) ?
> 
> A quick look at the history of syslimits.h (brought on by the fact
> that the comments for these values didn't match the value) shows
> that the limit has been 2^32-2 before.
> 
> It was changed because setreu/gid() allows -1 (meaning don't
> change) which has to be within the domain of u/gid_t.

Yes, I remember that -- but the change was ultra-conservative and
results in my "nfsanon" user being "invalid".  My PR is in part in
(delayed) response to that change.

2^32-1 is the correct limit to allow for -2 as a valid value and -1 as a
special meaning to things like setreuid() [which I don't really care
about anyway as I've disabled it on my own systems for security reasons ;-)].

> This is another of those types [1] whose domain is -1..MAXINT-1
> that C doesn't quite cope with.

It's not C that's at fault -- it's bad/lazy API design.  :-)

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
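
Added example, not part of the original message or of the NetBSD sources: a C id parser that applies the limit discussed in the thread, accepting (uid_t)-2 while rejecting (uid_t)-1, which setreuid()/setregid() would read as "don't change". The names parse_id, ID_NOCHANGE and ID_MAX_PROPOSED are hypothetical, and ids are assumed to be unsigned 32-bit.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: ids are unsigned 32-bit, as uid_t/gid_t are in the thread. */
#define ID_NOCHANGE     ((uint32_t)-1)      /* setreuid()/setregid(): "don't change" */
#define ID_MAX_PROPOSED (~(uint32_t)0 - 1)  /* 2^32-2, the same bits as (uid_t)-2 */

/*
 * Hypothetical helper (not NetBSD code): parse a decimal uid/gid string.
 * Negative input wraps modulo 2^32, so "-2" names the NFS anonymous id.
 * Returns 0 and stores the id, or -1 if the input is malformed, out of
 * range, or collides with the reserved "don't change" value.
 */
int parse_id(const char *s, uint32_t *out)
{
    char *end;
    long long v;
    uint32_t id;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    if (v < INT32_MIN || v > (long long)UINT32_MAX)
        return -1;
    id = (uint32_t)v;            /* well-defined wrap for negative v */
    if (id == ID_NOCHANGE || id > ID_MAX_PROPOSED)
        return -1;               /* the sentinel must never name a user */
    *out = id;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "0", "-2", "4294967294", "-1", "4294967295" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t id;
        if (parse_id(samples[i], &id) == 0)
            printf("%-10s -> accepted as %u\n", samples[i], (unsigned)id);
        else
            printf("%-10s -> rejected\n", samples[i]);
    }
    return 0;
}
```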