tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [RFC] getgroups2 system call

On Wed, Dec 14, 2011 at 03:22:19PM -0600, Eric Haszlakiewicz wrote:
> On Wed, Dec 14, 2011 at 07:57:43AM +0000, Michael van Elst wrote:
> > (Matthew Mondor) writes:
> > 
> > >What does NFS do in this case?  I seem to remember that it also imposes
> > >a sane size limit, possibly even below NGROUPS_MAX, is it really the
> > >case?  If so, would this also be acceptable?
> > 
> > NFS (or rather the underlying SunRPC) passes an array of 16 gids, which is
> > a common problem when you try to use groups for fine grained access control.
> Based on what I've read, it's only NFSv3 that works like that.  With
> NFSv4 the access control can be based on what groups the server thinks the
> user is in, so there are no group ids being passed.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."

Home | Main Index | Thread Index | Old Index