Subject: Re: group name/gid expiry?
To: Iain Hibbert <plunky@rya-online.net>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-userlevel
Date: 03/09/2007 15:25:02

Iain Hibbert <plunky@rya-online.net> writes:

>    I am looking at adding an option "-G group" to sdpd(8) to allow members
> of the specific group to modify the database, so that for instance you
> don't need root privileges to run programs which register a service and
> wait for Bluetooth connections.
>
>    Is it ok to cache a gid returned from getgrnam(3) during the setup, or
> should I check it on each open, in case it changed?

I wonder if there should be some way for user space to invoke kauth
ops in the kernel; you're adding an ad hoc mechanism (which seems
useful and reasonable) to implement ACLs.  It would be nice if there
were a more uniform way, even across the kernel/user boundary.