Hello.
Please can you tell me if NFS_MAXGROUPS is tunable for linux kernel? (and is
it safe?) I need more than 16 groups per user. For BSD-kernel it is a tunable
constant (i think so) and I'm not so familar with such things.
What else must i do if it is really tunable?
Thanks
Christian
--
On Sunday 26 September 2004 16:38, Christian Fischer wrote:
> Hello.
>
> Please can you tell me if NFS_MAXGROUPS is tunable for linux kernel? (and
> is it safe?) I need more than 16 groups per user. For BSD-kernel it is a
> tunable constant (i think so) and I'm not so familar with such things.
>
> What else must i do if it is really tunable?
>
> Thanks
> Christian
Sorry, broken english.
Please can you tell me whether NFS_MAXGROUPS is tunable for linux kernel?
Thanks again
--
P? su , 26/09/2004 klokka 10:38, skreiv Christian Fischer:
> Hello.
>
> Please can you tell me if NFS_MAXGROUPS is tunable for linux kernel? (and is
> it safe?) I need more than 16 groups per user. For BSD-kernel it is a tunable
> constant (i think so) and I'm not so familar with such things.
>
> What else must i do if it is really tunable?
No, it is NOT tunable. The SunRPC protocol (rfc1831) states clearly that
the AUTH_SYS (a.k.a. AUTH_UNIX) structure is defined as
struct authsys_parms {
unsigned int stamp;
string machinename<255>;
unsigned int uid;
unsigned int gid;
unsigned int gids<16>;
};
If the BSDs are playing around with that, then they are not adhering to
the protocol, and will be incompatible with all other SunRPC
implementations.
Cheers,
Trond
On Sunday 26 September 2004 18:10, Trond Myklebust wrote:
> No, it is NOT tunable. The SunRPC protocol (rfc1831) states clearly that
> the AUTH_SYS (a.k.a. AUTH_UNIX) structure is defined as
>
> struct authsys_parms {
> unsigned int stamp;
> string machinename<255>;
> unsigned int uid;
> unsigned int gid;
> unsigned int gids<16>;
> };
>
> If the BSDs are playing around with that, then they are not adhering to
> the protocol, and will be incompatible with all other SunRPC
> implementations.
That's a pity.
Christian
--
On Sun, Sep 26, 2004 at 04:43:29PM +0200, Christian Fischer wrote:
> On Sunday 26 September 2004 16:38, Christian Fischer wrote:
> > Hello.
> >
> > Please can you tell me if NFS_MAXGROUPS is tunable for linux kernel? (and
> > is it safe?) I need more than 16 groups per user. For BSD-kernel it is a
> > tunable constant (i think so) and I'm not so familar with such things.
That limit is hardcoded in the SUNRPC protocol (part of NFS) and
_cannot_ be changed: it is a fundamental constant in NFS with AUTH_UNIX
authentication. However, there is a trick to bypass this protocol
limitation, see http://www.frankvm.com/nfs-ngroups for a 2.4.x patch.
The 2.6.x patch is under development.
--
Frank
On Monday 27 September 2004 00:28, Frank van Maarseveen wrote:
> That limit is hardcoded in the SUNRPC protocol (part of NFS) and
> _cannot_ be changed: it is a fundamental constant in NFS with AUTH_UNIX
> authentication. However, there is a trick to bypass this protocol
> limitation, see http://www.frankvm.com/nfs-ngroups for a 2.4.x patch.
>
> The 2.6.x patch is under development.
Thanks for this link. It isn't no more necessary to patch anything since i've
reduced the number of groups per uid to the limit. Well, i'd been reading the
sunRPC rfc before, bringing a lot of trouble to me.
The main problem was that users in the seventeenth (or higher) group (they
should not have any permissions for this group because of NFS_MAXGROUPS) were
able to change without permissions into those directories. I think a user or
group should have permission or NOT, and not a "bit of permissions".
Christian
root@terminalserver # ls -al /home/henry/shared/
[...]
drwxrws--- not_henry 17th_grp work
[...]
henry@terminalserver # cd /home/henry/shared/work/
henry@terminalserver work # ls
ls: reading directory .: Permission denied
# groups henry
[...] 17th_grp 18th_grp [...]
--