[Gllug] Problem with users (authing over Active Directory) not being able to run software, but local users can.

Richard Jones rich at annexia.org
Thu Oct 15 13:57:58 UTC 2009


On Thu, Oct 15, 2009 at 01:58:47PM +0100, Matthew King wrote:
> John Edwards <john at cornerstonelinux.co.uk> writes:
> 
> > In the old days it used to be a 16 bit unsigned int, so 65535
> > (2^16 -1). Almost all modern UNIX-like systems now use a 32 bit
> > signed int, so 2147483647 (2^31 -1).
> 
> Is there any reason why when this was implemented it was decided to use
> 31 instead of 32 bits? I know that 4 billion users is unlikely but it
> seems a bit odd to use an unsigned instead of a signed int.
> 
> Assuming of course that negative UIDs are illegal.

I don't see non-negative UIDs being enforced anywhere, but if it's
true then as you say it was to avoid negative UIDs.  If you have
software which is mainly 32 bit, but allow UIDs > 2147483647 then
there are subtle problems you could encounter:

(1) Some software might fail (perhaps silently) when trying to parse a
UID > 2147483647.

(2) Other software might fail (perhaps silently) when the UID contains
a '-' character.

(3) Configuration files and file formats might not expect UIDs to
contain '-' characters, and could fail in subtle ways.

Subtle failures aren't what you want when dealing with authentication.

Rich.

-- 
Richard Jones
Red Hat
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
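
Added example, not part of the original message or of any project it mentions: a C sketch of the three failure modes listed in the reply above, next to a strict parser that avoids them. All function names are hypothetical and the sample inputs are constructed; the wraparound shown assumes the usual GCC/Clang narrowing behaviour.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical: models software that keeps a UID in a 32-bit signed int.
 * Narrowing wraps on GCC/Clang: 3000000000 -> -1294967296, no error. */
int parse_uid_naive(const char *s)
{
    return (int)(uint32_t)strtoull(s, NULL, 10);
}

/* Hypothetical: formats a UID with "%d"; returns 1 if a '-' appears. */
int formatted_has_minus(uint32_t uid, char *buf, size_t len)
{
    snprintf(buf, len, "%d", (int)uid);
    return strchr(buf, '-') != NULL;
}

/* Hypothetical: strict parse into an unsigned 32-bit value.
 * Returns 0 on success, -1 on malformed or out-of-range input. */
int parse_uid_strict(const char *s, uint32_t *out)
{
    char *end;
    if (s[0] < '0' || s[0] > '9')      /* rejects "", "-1", "+1", " 1" */
        return -1;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real system. */
    const char *samples[] = { "1000", "3000000000", "-1", "4294967296" };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t uid = 0;
        int ok = parse_uid_strict(samples[i], &uid) == 0;
        printf("%-10s naive=%-11d strict=%-8s minus_in_%%d=%d\n", samples[i],
               parse_uid_naive(samples[i]), ok ? "accepted" : "rejected",
               ok && formatted_has_minus(uid, buf, sizeof buf));
    }
    return 0;
}
```

The strict parser accepts 3000000000 as a valid value, but any later code that prints it with "%d" still emits a '-' character, so parsing and formatting both need to use an unsigned type.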



