On Aug 2, 2005, at 10:33 AM, Jan Schaumann wrote:

> This could be made less intrusive if the userland tools would use
> sysconf(_SC_NGROUPS_MAX) instead.  Of course this means that all those
> tools that currently use static arrays initialized to NGROUPS_MAX + 1
> need to be redone dynamically...

I would encourage everyone to look at how this was addressed in Mac  
OS X 10.4.  Their solution also provides for nested group  
functionality, as well as providing a more useful interface to groups  
(i.e. "is this user a member of this group" as opposed to "get list  
and traverse it myself to find out if a user is a member of a group").

Start with the memberd(8) man page.

-- thorpej