Subject: Re: bin/14172
To: <>
From: David Laight <>
List: tech-userlevel
Date: 11/15/2002 01:32:06
> >(and the values in the header files for NGROUPS_MAX and NGROUPS)
> >posix has some subtle rules in this area...)
> NGROUPS_MAX is a "Runtime Increasable Value" in POSIX, so it's actually a
> minimum maximum, and need not be changed.  NGROUPS isn't in POSIX at all.

I wasn't sure whether it was one that you either didn't define, or
defined as -1 if it were unlimited.  I presume you read the spec (again).

> RPC AUTH_SYS (formerly AUTH_UNIX) only allows 16 supplementary groups:
>       struct authsys_parms {
>          unsigned int stamp;
>          string machinename<255>;
>          unsigned int uid;
>          unsigned int gid;
>          unsigned int gids<16>;
>       };
> This would mean at least that our NFS client would have to be able to
> intelligently truncate the group list for each request (to ensure that any
> relevant group was still in the list).  Working out which groups to drop in
> a non-NFS context might be more interesting (though probably less
> important).

I think it has to truncate it to 8 under some circmstances already.
Taking the first 16 (as ordered by the group file rather than
numerically) is probably ok - at least not unexpected.


David Laight: