> >(and the values in the header files for NGROUPS_MAX and NGROUPS)
> >posix has some subtle rules in this area...)
> 
> NGROUPS_MAX is a "Runtime Increasable Value" in POSIX, so it's actually a
> minimum maximum, and need not be changed.  NGROUPS isn't in POSIX at all.

I wasn't sure whether it was one that you either didn't define, or
defined as -1 if it were unlimited.  I presume you read the spec (again).

> RPC AUTH_SYS (formerly AUTH_UNIX) only allows 16 supplementary groups:
> 
>       struct authsys_parms {
>          unsigned int stamp;
>          string machinename<255>;
>          unsigned int uid;
>          unsigned int gid;
>          unsigned int gids<16>;
>       };
> 
> This would mean at least that our NFS client would have to be able to
> intelligently truncate the group list for each request (to ensure that any
> relevant group was still in the list).  Working out which groups to drop in
> a non-NFS context might be more interesting (though probably less
> important).

I think it has to truncate it to 8 under some circmstances already.
Taking the first 16 (as ordered by the group file rather than
numerically) is probably ok - at least not unexpected.

	David

-- 
David Laight: david@l8s.co.uk