From: Rick Macklem
Date: Fri, 16 Apr 2010 10:07:13 -0400 (EDT)
To: Giulio Ferro
Cc: "freebsd-net@freebsd.org", freebsd-stable@freebsd.org
Subject: Re: NFS permission strangeness

On Fri, 16 Apr 2010, Giulio Ferro wrote:

>
> Yes, I have more than 16 groups, 22 actually...
>
> However I still think this might be a NFS problem, since when I login on
> the server machine I can access that directory all right, the problem arises
> only when I try to access that dir in the client machine...
>

The problem is that the specification of the RPC header used by NFS for
authentication, unless you are using krb5, is limited to a gid + 16
additional groups (a lot of implementations put the gid in the first
entry of the additional groups list, so 16 is the safe limit and 17
might work).

So, you could call it a problem w.r.t. the specification of the RPC
protocol that is used for NFS RPCs, but it would be a bug in the
implementation to handle more than the 16 additional groups. (Admittedly,
it just silently truncates at 16, but I don't think automatically failing
an RPC with more than 16 groups in its cred would be better?)

So, yes, it is an NFS problem, but intrinsic to the protocol spec,
rick
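
The 16-group limit described in the message above, as an added example that is not part of the original thread and is not FreeBSD's code: it encodes the AUTH_SYS credential defined in RFC 5531 with the silent truncation mentioned above, then checks which group memberships the server can still see. The uid, gids, host name and directory groups are constructed sample values, and `server_sees_group` is a hypothetical helper.

```python
import struct

AUTH_SYS = 1        # RPC auth flavor number for AUTH_SYS (RFC 5531)
MAX_AUX_GIDS = 16   # authsys_parms declares gids<16>

def xdr_string(s: bytes) -> bytes:
    """XDR string: 4-byte length, data, zero padding to a 4-byte boundary."""
    return struct.pack(">I", len(s)) + s + b"\0" * (-len(s) % 4)

def encode_authsys(stamp, machine, uid, gid, aux_gids):
    """Build an opaque_auth credential; return (bytes, dropped_gids)."""
    sent, dropped = aux_gids[:MAX_AUX_GIDS], aux_gids[MAX_AUX_GIDS:]
    body = (struct.pack(">I", stamp) + xdr_string(machine)
            + struct.pack(">III", uid, gid, len(sent))
            + struct.pack(f">{len(sent)}I", *sent))
    return struct.pack(">II", AUTH_SYS, len(body)) + body, dropped

def decode_authsys(cred):
    """Parse the credential as a server would; return (uid, gid, gids)."""
    flavor, length = struct.unpack_from(">II", cred, 0)
    if flavor != AUTH_SYS or length != len(cred) - 8:
        raise ValueError("not a well-formed AUTH_SYS credential")
    _stamp, mlen = struct.unpack_from(">II", cred, 8)
    off = 16 + mlen + (-mlen % 4)
    uid, gid, count = struct.unpack_from(">III", cred, off)
    if count > MAX_AUX_GIDS:
        raise ValueError("gids array exceeds the protocol limit of 16")
    return uid, gid, list(struct.unpack_from(f">{count}I", cred, off + 12))

def server_sees_group(cred, wanted_gid):
    """True if a group-permission check on the server can match wanted_gid."""
    _uid, gid, gids = decode_authsys(cred)
    return wanted_gid == gid or wanted_gid in gids

# Constructed sample: primary gid 1001 plus 22 supplementary groups.
AUX = list(range(2000, 2022))
CRED, DROPPED = encode_authsys(0, b"client01", 1001, 1001, AUX)

if __name__ == "__main__":
    print("credential bytes:", len(CRED))
    print("groups never sent:", DROPPED)
    print("dir owned by gid 2005 reachable:", server_sees_group(CRED, 2005))
    print("dir owned by gid 2020 reachable:", server_sees_group(CRED, 2020))
```

A directory whose access depends on one of the dropped groups is reachable when logged in on the server, where the full group list applies, but not through the NFS client.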