tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: NGROUPS/NGROUPS_MAX
ef%math.uni-bonn.de@localhost (Edgar =?iso-8859-1?B?RnXf?=) writes:
>> Of course. But will it do what you want?
>I don't understand your concerns.
>My intention was to let the NFS client run the modified kernel with a raised
>group limit. Then, the process in question will be a member of more than 16
>secondary groups which will enable it to access files readable for these
>groups, be it on NFS or not.
That's not true.
>Where is the NFS server involved? Enforcing
>access limits is the client's business, isn't it?
The standard method is to use AUTH_UNIX for authentication of the
underlying SunRPC protocol. That method sends UID/GID and the GID list
from the client to the server which evaluates them. The SunRPC protocol
can transmit a list of 16 GIDs. If the kernel keeps a longer list,
it gets truncated.
You could patch the RPC code to use a larger list, but that is incompatible
with other NFS implementations and you need to modify client and server.
The alternative is to use something instead of AUTH_UNIX. Do you volunteer
to implement it (or port FreeBSD's NFS code) ?
Home |
Main Index |
Thread Index |
Old Index