authorbabkin <babkin@FreeBSD.org>2006-06-25 18:37:44 +0000
committerbabkin <babkin@FreeBSD.org>2006-06-25 18:37:44 +0000
commit3d8be823b0a2fba7792c161abc25de7109e6ecfa (patch)
tree55b915a8ffbed38f4e2c53f4f5ebebf9b363c793 /sys/conf
parent2786b968bb6e23d601bfed279577ac6a3ff7a79e (diff)
The common UID/GID space implementation. It has been discussed on -arch
in 1999, and there are changes to the sysctl names compared to PR, according to that discussion. The description is in sys/conf/NOTES. Lines in the GENERIC files are added in commented-out form. I'll attach the test script I've used to PR. PR: kern/14584 Submitted by: babkin
Diffstat (limited to 'sys/conf')
-rw-r--r--sys/conf/NOTES64
-rw-r--r--sys/conf/options1
2 files changed, 65 insertions, 0 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index 7d610bc..79ecc5d 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -905,6 +905,70 @@ options QUOTA #enable disk quotas
#
options SUIDDIR
+# The common user and group ID space for the local filesystems
+# (see PR kern/14584), AKA "poor man's ACLs".
+#
+# From the systems administration standpoint ACLs are a pain to use:
+# * they are not supported by the classic file formats like tar and cpio
+# * they need lots of ugly flags to commands like chown or ls
+# * they are just by themselves difficult to show in ls
+# * they promote ad-hoc and messy assignment of permissions
+#
+# But in fact the classic Unix permissions seem to have only one real problem:
+# sometimes it's neccessary to give read permissions to one group of
+# users and read-write permissions to another group of users. But only
+# one group is supported and that makes a problem. The common ID
+# support solves this problem without breaking any compatibility.
+#
+# Controlled by the sysctl:
+# vfs.commonid.local.enabled: Enable common UID/GID space for local filesystems
+# vfs.commonid.local.low: Lowest common UID/GID value for local filesystems
+# vfs.commonid.local.high: Highest common UID/GID value for local filesystems
+#
+# When enabled, the user and group ID space in the range [low, high]
+# becomes common. That is, if there is an user with some ID in this range,
+# there must not be a group with the same ID (except for a special case
+# described later). Traditionally this kind of overlapping exists in the
+# low values of system IDs, so the implementation won't allow to set the
+# low border below 100. If it's set manually below 100, the first time
+# an access check is done, the system will reset it to 100.
+#
+# The special case is that for the symbolic group and user names to work
+# correctly, every time a user is created, a pseudo-group with the same
+# ID and name must be created. And the other way around - every time
+# a group is created, a pseudo-user with the same name and ID must be created.
+# Otherwise command like "ls" won't show the user/group names correctly
+# and command like "chown" won't understand the symbolic names correctly.
+#
+# The IDs in the common range can be used interchangeably in both the
+# user and group fields of file permissions. For example, if you have
+# groups group1 and group2 with IDs in the common range, you can do:
+# chmod 240 file
+# chown group1:group2 file
+# This would allow the group1 to write to the file and group2 to read
+# the file.
+#
+# This semantics works only for the access but not for modification of
+# the permissions. In the example above the members of group1 aren't allowed
+# to call chmod on the file. Such changes must be done either by root
+# or through the pseudo-user group1.
+#
+# If it's desiable to give the "owner group" of some files (like group1
+# in this example) the rights to change the permissions of all the files
+# it owns, it can be achieved through cloning the chmod binary and
+# adding the pseudo-user setuid rights to it:
+# cp /bin/chmod /usr/local/bin/group1chmod
+# chown group1 /usr/local/bin/group1chmod
+# chmod u=xs,g=,o= /usr/local/bin/group1chmod
+# A similar thing can be done for chown.
+# In result all the members of group1 would be able to execute group1chmod,
+# which would assume the ID of pseudo-user "group1" and will be able
+# to change the file permissions.
+#
+# This logic does not work on the remote filesystems (such as NFS).
+
+options COMMONID # Enable support for common UID/GID space
+
# NFS options:
options NFS_MINATTRTIMO=3 # VREG attrib cache timeout in sec
options NFS_MAXATTRTIMO=60
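Review bot: The comment block added above `options COMMONID` says a user and a group in [low, high] must not share an ID unless they are the matching pseudo-pair, but it does not say what happens on a system where that is not already true, and nothing in this hunk suggests the kernel can check it. As described, an ID in the common range is honoured in either the owner or the group field, so turning on vfs.commonid.local.enabled where an unrelated user and group happen to share a number would presumably let that group's members pass the owner check on the user's files. The text should tell administrators to audit passwd and group before enabling, for example `# Before enabling, verify that no unrelated user and group in [low, high] share an ID.` The group1chmod recipe also deserves a caveat: the copy is a setuid binary that is not updated with /bin/chmod, and it lets any group member set any mode bits, including setuid, on files the pseudo-user owns.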
diff --git a/sys/conf/options b/sys/conf/options
index 19cca6f..2aee2d4 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -163,6 +163,7 @@ VFS_AIO
VERBOSE_SYSINIT opt_global.h
WLCACHE opt_wavelan.h
WLDEBUG opt_wavelan.h
+COMMONID opt_commonid.h
# POSIX kernel options
P1003_1B_MQUEUE opt_posix.h