[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: Re: kern.ngroups (non) setting ... new bounty ?
From: Harti Brandt <hartmut.brandt () dlr ! de>
Date: 2007-09-27 14:58:21
Message-ID: 20070927165321.A63884 () knop-beagle ! kn ! op ! dlr ! de
[Download RAW message or body]
On Wed, 26 Sep 2007, rsync.net wrote:
r>
r>
r>On Wed, 26 Sep 2007, Julian Elischer wrote:
r>
r>> >> rsync.net wrote:
r>> >>> It has been impossible to change kern.ngroups - at least for several years
r>> >>> now. It was not fixed in either 5.x or 6.x :
r>> >>>
r>> >>> http://lists.freebsd.org/pipermail/freebsd-bugs/2007-January/022140.html
r>> >>>
r>> >>> It is seemingly a difficult problem:
r>> >>>
r>> >>> http://www.atm.tut.fi/list-archive/freebsd-stable/msg09969.html [1]
r>> >>>
r>> >>> However it should be solved - we can't be the only ones out there trying
r>> >>> to add a UID to more than 16 groups...
r>> >> the big question is what do you do for NFS? remember something about
r>> >> it only having a fixed storage for groups.
r>> >
r>> >
r>> > (snip)
r>> >
r>> >
r>> >>> [1] Is it indeed true that these programs are broken by not following
r>> >>> NGROUPS_MAX from syslimits.h?
r>> >
r>> >
r>> > Assuming the answer to the above footnote is "yes", would it be reasonable
r>> > to fix the OS generally, but continue to hard code the limits in things
r>> > like NFS ?
r>> >
r>> > Are you saying that, unlike other items, NFS _does_ respect NGROUPS_MAX ?
r>>
r>> actually it doesn't
r>>
r>> see:
r>>
r>> nfs/rpcv2.h:#define RPCAUTH_UNIXGIDS 16
r>>
r>> but what do we do if a user has > 16?
r>
r>
r>We have no idea. All we know is, we need some UIDs to be members of more
r>than 16 groups, and that is currently impossible.
r>
r>We are happy to lend financial support to a solution ... however it sounds
r>like $500 and free rsync.net storage space isn't going to be sufficient ?
r>
r>Is it unexpected that someone has run into this limit ?
I have :-) There is an easy solution: Bump NGROUPS_MAX and recompile
everything. Be aware that in some cases the group list is truncated: NFS
and socket credentials (there may be more). I've done this over a year ago
on my desktop because I'm in 50 groups that come from an active directory.
Making this changeable via sysctl involves more work (see for example
struct kproc_info).
harti
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic