tech-kern archive


Re: NGROUPS/NGROUPS_MAX



ef%math.uni-bonn.de@localhost (Edgar Fuß) writes:

>> Of course.  But will it do what you want?
>I don't understand your concerns.

>My intention was to let the NFS client run the modified kernel with a raised 
>group limit. Then, the process in question will be a member of more than 16 
>secondary groups which will enable it to access files readable for these 
>groups, be it on NFS or not.

That's not true.

>Where is the NFS server involved? Enforcing 
>access limits is the client's business, isn't it?

The standard method is to use AUTH_UNIX for authentication of the
underlying SunRPC protocol. That method sends UID/GID and the GID list
from the client to the server which evaluates them. The SunRPC protocol
can transmit a list of 16 GIDs. If the kernel keeps a longer list,
it gets truncated.

You could patch the RPC code to use a larger list, but that is incompatible
with other NFS implementations and you need to modify client and server.

The alternative is to use something instead of AUTH_UNIX. Do you volunteer
to implement it (or port FreeBSD's NFS code)?
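
The AUTH_UNIX truncation described above, as an added example that is not part of the original post and not NetBSD's RPC code: the client-side encoder clamps the supplementary GID list to 16 entries, and the server-side check only sees what arrived on the wire. The field layout follows `authsys_parms` in RFC 5531; the function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define AUTH_UNIX_MAX_GIDS 16   /* gids<16> in the AUTH_UNIX credential */

static size_t put_u32(uint8_t *b, size_t off, uint32_t v)
{
    for (int i = 0; i < 4; i++) b[off + i] = (uint8_t)(v >> (24 - 8 * i));
    return off + 4;
}

static uint32_t get_u32(const uint8_t *b, size_t off)
{
    return (uint32_t)b[off] << 24 | b[off + 1] << 16 | b[off + 2] << 8 | b[off + 3];
}

/* Client: XDR-encode stamp, machinename<255>, uid, gid, gids<16> into buf (400 bytes,
 * the opaque_auth body limit). Returns bytes written; *sent = GIDs actually sent. */
size_t encode_auth_unix(uint8_t *buf, uint32_t stamp, const char *host, uint32_t uid,
                        uint32_t gid, const uint32_t *gids, size_t ngids, size_t *sent)
{
    size_t hlen = strlen(host), pad = (4 - hlen % 4) % 4, off = 0;
    size_t n = ngids > AUTH_UNIX_MAX_GIDS ? AUTH_UNIX_MAX_GIDS : ngids;
    if (hlen > 255) return 0;
    off = put_u32(buf, off, stamp);
    off = put_u32(buf, off, (uint32_t)hlen);
    memcpy(buf + off, host, hlen);
    memset(buf + off + hlen, 0, pad);       /* XDR pads opaque data to 4 bytes */
    off = put_u32(buf, off + hlen + pad, uid);
    off = put_u32(buf, off, gid);
    off = put_u32(buf, off, (uint32_t)n);   /* entries past the 16th are dropped */
    for (size_t i = 0; i < n; i++) off = put_u32(buf, off, gids[i]);
    *sent = n;
    return off;
}

/* Server: does the credential carry `want` as primary or supplementary GID? */
int server_sees_gid(const uint8_t *buf, size_t len, uint32_t want)
{
    uint32_t hlen = len < 8 ? 256 : get_u32(buf, 4);
    size_t off = 8 + ((hlen + 3u) & ~3u);   /* skip stamp and padded hostname */
    if (hlen > 255 || off + 12 > len) return 0;
    uint32_t n = get_u32(buf, off + 8);
    if (n > AUTH_UNIX_MAX_GIDS || off + 12 + 4 * (size_t)n > len) return 0;
    if (get_u32(buf, off + 4) == want) return 1;
    for (uint32_t i = 0; i < n; i++)
        if (get_u32(buf, off + 12 + 4 * i) == want) return 1;
    return 0;
}
```

With a 20-entry group list on the client, a file readable only by the 17th group is refused by the server even though the local kernel lists that GID for the process.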



