From owner-freebsd-questions@FreeBSD.ORG  Thu Dec  8 08:30:51 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7B95D16A420
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Dec 2005 08:30:51 +0000 (GMT)
	(envelope-from igorr@speechpro.com)
Received: from speechpro.com (speech-tech-2.ip.PeterStar.net [81.3.190.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 700A343D6E
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Dec 2005 08:30:43 +0000 (GMT)
	(envelope-from igorr@speechpro.com)
Received: from sysadm.stc ([192.168.2.26])
	by s1.stc with esmtp (Exim 4.53 (FreeBSD)) id 1EkHAn-0003pM-PE
	for freebsd-questions@freebsd.org; Thu, 08 Dec 2005 11:30:41 +0300
Received: from localhost.stc ([127.0.0.1] helo=sysadm.stc)
	by sysadm.stc with esmtp (Exim 4.54 (FreeBSD)) id 1EkHAO-000NNE-Cr
	for freebsd-questions@freebsd.org; Thu, 08 Dec 2005 11:30:16 +0300
Received: (from igorr@localhost)
	by sysadm.stc (8.13.4/8.13.3/Submit) id jB88UGRu089851
	for freebsd-questions@freebsd.org; Thu, 8 Dec 2005 11:30:16 +0300 (MSK)
	(envelope-from igorr)
Date: Thu, 8 Dec 2005 11:30:15 +0300
From: Igor Robul <igorr@speechpro.com>
To: freebsd-questions@freebsd.org
Message-ID: <20051208083015.GE89624@sysadm.stc>
References: <200512071741.57495.no-spam@swiftdsl.com.au>
	<fb6605670512071048h4235c584l48574cda7a2214a2@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <fb6605670512071048h4235c584l48574cda7a2214a2@mail.gmail.com>
User-Agent: Mutt/1.5.11
X-Archived: Yes
Subject: Re: Changing maximum number of groups in FBSD - is it feasible?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2005 08:30:51 -0000

On Wed, Dec 07, 2005 at 01:48:04PM -0500, Michael P. Soulier wrote:
> On 12/7/05, Ian Moore <no-spam@swiftdsl.com.au> wrote:
> > Hi,
> >
> > I'm toying with the idea of increasing the maximum number of groups a user can
> > belong to on one of my servers - we have a rather complex organisation and
> > we're hitting the 15 group limit for some people.
> 
> Have you considered cascading groups? That's the normal workaround on
> Enterprise Unix systems like HP-UX and Solaris.
> 
> Instead of putting everyong in "group", do this instead.
> 
> group:*:100:group1,group2
> group1:*:101:user1,user2
> group2:*:102:user3, user4
AFAIK FreeBSD (and Linux) does not support nested groups (I'm not sure
about POSIX) :-(

So you can use ACLs (as I do now), or you can recompile world/kernel
with changed syslimits.h:
syslimits.h:#define     NGROUPS_MAX                16

as I did with FreeBSD-4.X. But be careful on system upgrading.
You need compile both world and kernel because these limits get compiled
to libc, kernel and some static linked utilite and some static linked
utilites..