From owner-freebsd-questions@FreeBSD.ORG Fri Dec 9 22:56:49 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93AEC16A41F for ; Fri, 9 Dec 2005 22:56:49 +0000 (GMT) (envelope-from no-spam@swiftdsl.com.au) Received: from smtp.ade.swiftdsl.com.au (smtp.ade.swiftdsl.com.au [218.214.228.98]) by mx1.FreeBSD.org (Postfix) with SMTP id BBB0943D6A for ; Fri, 9 Dec 2005 22:56:48 +0000 (GMT) (envelope-from no-spam@swiftdsl.com.au) Received: (qmail 10480 invoked from network); 9 Dec 2005 22:56:47 -0000 Received: from unknown (HELO daemon.foo.lan) (218.214.176.70) by smtp.ade.swiftdsl.com.au with SMTP; 9 Dec 2005 22:56:47 -0000 From: Ian Moore To: freebsd-questions@freebsd.org Date: Sat, 10 Dec 2005 09:26:36 +1030 User-Agent: KMail/1.8.3 References: <200512071741.57495.no-spam@swiftdsl.com.au> <20051208083015.GE89624@sysadm.stc> In-Reply-To: <20051208083015.GE89624@sysadm.stc> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4668279.CAnrE6lIaS"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200512100926.44709.no-spam@swiftdsl.com.au> Cc: Igor Robul Subject: Re: Changing maximum number of groups in FBSD - is it feasible? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Dec 2005 22:56:49 -0000 --nextPart4668279.CAnrE6lIaS Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 08 December 2005 19:00, Igor Robul wrote: > On Wed, Dec 07, 2005 at 01:48:04PM -0500, Michael P. Soulier wrote: > > On 12/7/05, Ian Moore wrote: > > > Hi, > > > > > > I'm toying with the idea of increasing the maximum number of groups a > > > user can belong to on one of my servers - we have a rather complex > > > organisation and we're hitting the 15 group limit for some people. > > > > Have you considered cascading groups? That's the normal workaround on > > Enterprise Unix systems like HP-UX and Solaris. > > > > Instead of putting everyong in "group", do this instead. > > > > group:*:100:group1,group2 > > group1:*:101:user1,user2 > > group2:*:102:user3, user4 > > AFAIK FreeBSD (and Linux) does not support nested groups (I'm not sure > about POSIX) :-( Well, there goes that idea! > So you can use ACLs (as I do now), or you can recompile world/kernel > with changed syslimits.h: > syslimits.h:#define NGROUPS_MAX 16 > > as I did with FreeBSD-4.X. But be careful on system upgrading. > You need compile both world and kernel because these limits get compiled > to libc, kernel and some static linked utilite and some static linked > utilites.. So it actually does work! And there's no need to adjust or re-compile any=20 ports, just world and kernel? Cheers, =2D-=20 Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc --nextPart4668279.CAnrE6lIaS Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBDmgusPUlnmbKkJ6ARAvcJAKCI5gDwvPhV0Mcu9dNqQEKaFwA5eACfe9qM uzF8Se+T1+vWSyZO0hQLQPQ= =bAsB -----END PGP SIGNATURE----- --nextPart4668279.CAnrE6lIaS--