From: Ivan Voras
Date: Fri, 16 Apr 2010 15:56:31 +0200
To: freebsd-net@freebsd.org
Cc: freebsd-stable@freebsd.org
Subject: Re: NFS permission strangeness

On 04/16/10 16:07, Rick Macklem wrote:
>
>
> On Fri, 16 Apr 2010, Giulio Ferro wrote:
>
>>
>> Yes, I have more than 16 groups, 22 actually...
>>
>> However I still think this might be an NFS problem, since when I login on
>> the server machine I can access that directory all right, the problem
>> arises only when I try to access that dir in the client machine...
>>
> The problem is that the specification of the RPC header used by NFS for
> authentication unless you are using krb5 is limited to a gid + 16
> additional groups (a lot of implementations put the gid in the first
> entry of the additional groups list, so 16 is the safe limit and 17
> might work). So, you could call it a problem w.r.t. the specification
> of the RPC protocol that is used for NFS RPCs, but it would be a bug
> in the implementation to handle more than the 16 additional groups.
> (Admittedly, it just silently truncates at 16, but I don't think
> automatically failing an RPC with more than 16 groups in its cred
> would be better?)
>
> So, yes, it is an NFS problem, but intrinsic to the protocol spec, rick

Can NFSv4 get around it?
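
The limit discussed in the quoted reply, as an added example that is not part of the original message: a sketch that encodes an AUTH_SYS credential in the RFC 5531 `authsys_parms` layout (`gids<16>`), truncates silently as described, and shows which group checks then fail on the server. The uid, gids, host name and function names are constructed for illustration.

```python
import struct

AUTH_SYS = 1        # credential flavor number (RFC 5531)
MAX_AUX_GIDS = 16   # authsys_parms declares gids<16>

def xdr_string(s):
    """XDR string: 4-byte length, data, zero padding to a 4-byte boundary."""
    return struct.pack(">I", len(s)) + s + b"\x00" * (-len(s) % 4)

def encode_authsys(stamp, machine, uid, gid, groups, gid_first=False):
    """Build an AUTH_SYS opaque_auth; returns (cred, sent, dropped).

    gid_first=True models implementations that repeat the primary gid as the
    first entry of the list. Extra groups are cut silently.
    """
    full = ([gid] if gid_first else []) + list(groups)
    sent, dropped = full[:MAX_AUX_GIDS], full[MAX_AUX_GIDS:]
    body = struct.pack(">I", stamp) + xdr_string(machine)
    body += struct.pack(">III", uid, gid, len(sent))
    body += struct.pack(">%dI" % len(sent), *sent)
    return struct.pack(">II", AUTH_SYS, len(body)) + body, sent, dropped

def server_gids(cred):
    """Server side: the only group memberships visible in the RPC header."""
    flavor, _length = struct.unpack_from(">II", cred, 0)
    assert flavor == AUTH_SYS
    off = 12                                   # flavor, length, stamp
    (mlen,) = struct.unpack_from(">I", cred, off)
    off += 4 + mlen + (-mlen % 4)              # skip machinename
    _uid, gid, n = struct.unpack_from(">III", cred, off)
    return {gid, *struct.unpack_from(">%dI" % n, cred, off + 12)}

def group_access(cred, dir_gid):
    """Would a group-permission check for dir_gid pass on the server?"""
    return dir_gid in server_gids(cred)

# Constructed sample: uid/gid 1001 with 22 supplementary groups 2000..2021.
GROUPS = list(range(2000, 2022))

if __name__ == "__main__":
    cred, sent, dropped = encode_authsys(0, b"client", 1001, 1001, GROUPS)
    print("sent %d gids, dropped %s" % (len(sent), dropped))
    for d in (2005, 2020):
        print("dir gid %d: local=%s nfs=%s" % (d, d in GROUPS, group_access(cred, d)))
```

A directory whose group falls among the dropped entries is accessible when logged in on the server but denied over the mount, which matches the symptom reported in the thread.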