Re: anyone running with ngroups increased from 16?

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Tue, 17 Apr 2018 00:11:51 +0000
Brooks Davis wrote:
>On Mon, Apr 16, 2018 at 06:37:53PM +0800, Julian Elischer wrote:
>> Windows users seem to have an almost unlimited number of groups and=20
>> soem places seem to use them a LOT.
>> This gives Posix systems problems with deciding how to handle them=20
>> all. Especially when getting
>> user credentials from winbindd (samba).
>>=20
>> Does anyone know of any work done to either bypass this limit or to at=20
>> least expand it?
>
>I fixed this in 2009 for everything but NFS AUTH_SYS.  NGROUPS_MAX is
>1023.  IIRC the usual hack employed in storage systems is to ignore the
>groups provided by AUTH_SYS and get them from winbindd.  I don't know of
>a public implementation of that.
If winbindd gets the information from LDAP, then you can get the same effect
from "nfsuserd -manage-gids" for AUTH_SYS (or as Toomas Soome noted, the gssd
does the same thing for Kerberized mounts).

Both of these utilities use getgrouplist() on the NFS server to acquire the list
of groups for the user. As such, anything configured for the library call, such
as LDAP, will provide the list of groups.

rick
Received on Mon Apr 16 2018 - 22:11:53 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:15 UTC