tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [RFC] getgroups2 system call

On Wed, Dec 14, 2011 at 07:57:43AM +0000, Michael van Elst wrote:
> (Matthew Mondor) writes:
> >What does NFS do in this case?  I seem to remember that it also imposes
> >a sane size limit, possibly even below NGROUPS_MAX, is it really the
> >case?  If so, would this also be acceptable?
> NFS (or rather the underlying SunRPC) passes an array of 16 gids, which is
> a common problem when you try to use groups for fine grained access control.

Based on what I've read, it's only NFSv3 that works like that.  With
NFSv4 the access control can be based on what groups the server thinks the
user is in, so there are no group ids being passed.


Home | Main Index | Thread Index | Old Index