From: GuruJ (GuruJ_at_mbox.com.au)
Date: Tue 19 Aug 2003 - 11:24:26 BST
Sam Vilain wrote:
> - UID24/GID24 (works on all 32bit U/GID FSs)
> the format uses the upper quarter of user and
> group id to store the context information, again
> transparently. you'll end up with 16 million
> user and group ids, which should suffice for the
> majority of applications ...
>
> Quite a few systems create one group per user by default, so that they
> can leave users wandering around with a 002 umask without worrying
> about security. So if the external method doesn't work out, my vote
> would go for this option.
I prefer the UID24/GID24 option. I can't see any reason why having
'only' 16 million users and groups could be limiting within a virtual
context situation, and it would mean that we were just making more
efficient use of UID/GID identifiers. Even within different contexts,
they are still just users and groups, right?
Also, wouldn't there also be a smaller chance of future conflicts if
using UID24/GID24? That 'unused' part of the inode may get used at some
point, but UID/GID values are unlikely to be re-mapped in the future.
-- GuruJ.