From: Harti Brandt
To: "rsync.net"
Cc: freebsd-hackers@freebsd.org
Date: Thu, 27 Sep 2007 16:58:21 +0200 (CEST)
Subject: Re: kern.ngroups (non) setting ... new bounty ?

On Wed, 26 Sep 2007, rsync.net wrote:

r>
r>
r>On Wed, 26 Sep 2007, Julian Elischer wrote:
r>
r>> >> rsync.net wrote:
r>> >>> It has been impossible to change kern.ngroups - at least for several years
r>> >>> now. It was not fixed in either 5.x or 6.x :
r>> >>>
r>> >>> http://lists.freebsd.org/pipermail/freebsd-bugs/2007-January/022140.html
r>> >>>
r>> >>> It is seemingly a difficult problem:
r>> >>>
r>> >>> http://www.atm.tut.fi/list-archive/freebsd-stable/msg09969.html [1]
r>> >>>
r>> >>> However it should be solved - we can't be the only ones out there trying
r>> >>> to add a UID to more than 16 groups...
r>> >> the big question is what do you do for NFS? remember something about
r>> >> it only having a fixed storage for groups.
r>> >
r>> >
r>> > (snip)
r>> >
r>> >
r>> >>> [1] Is it indeed true that these programs are broken by not following
r>> >>> NGROUPS_MAX from syslimits.h?
r>> >
r>> >
r>> > Assuming the answer to the above footnote is "yes", would it be reasonable
r>> > to fix the OS generally, but continue to hard code the limits in things
r>> > like NFS ?
r>> >
r>> > Are you saying that, unlike other items, NFS _does_ respect NGROUPS_MAX ?
r>>
r>> actually it doesn't
r>>
r>> see:
r>>
r>> nfs/rpcv2.h:#define RPCAUTH_UNIXGIDS 16
r>>
r>> but what do we do if a user has > 16?
r>
r>
r>We have no idea. All we know is, we need some UIDs to be members of more
r>than 16 groups, and that is currently impossible.
r>
r>We are happy to lend financial support to a solution ... however it sounds
r>like $500 and free rsync.net storage space isn't going to be sufficient ?
r>
r>Is it unexpected that someone has run into this limit ?

I have :-)

There is an easy solution: Bump NGROUPS_MAX and recompile everything. Be
aware that in some cases the group list is truncated: NFS and socket
credentials (there may be more). I've done this over a year ago on my
desktop because I'm in 50 groups that come from an active directory.

Making this changeable via sysctl involves more work (see for example
struct kproc_info).

harti
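
A check for the truncation mentioned in the reply above, as an added example that is not code from the thread or from FreeBSD: it reads the process's group list with a size query rather than a fixed NGROUPS_MAX-sized array, then counts the entries beyond the 16 slots of RPCAUTH_UNIXGIDS quoted from nfs/rpcv2.h. The helper names are hypothetical, and the example assumes truncation keeps the leading entries of the list.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define RPCAUTH_UNIXGIDS 16   /* value quoted in the thread from nfs/rpcv2.h */

/* Read the group list with a size query instead of a fixed NGROUPS_MAX array.
 * Returns the count and sets *out (caller frees), or -1. Hypothetical helper. */
static int get_groups_dynamic(gid_t **out)
{
    *out = NULL;
    for (int attempt = 0; attempt < 4; attempt++) {
        int n = getgroups(0, NULL);       /* size query only */
        if (n < 0) return -1;
        gid_t *buf = calloc(n > 0 ? (size_t)n : 1, sizeof(*buf));
        if (buf == NULL) return -1;
        int got = getgroups(n, buf);
        if (got >= 0) { *out = buf; return got; }
        int saved = errno;
        free(buf);
        if (saved != EINVAL) return -1;   /* EINVAL: list grew, retry */
    }
    return -1;
}

/* Entries that do not fit when n groups are cut to `limit` slots.
 * Assumption of this example: truncation keeps the leading entries. */
static int groups_dropped(int n, int limit)
{
    if (n < 0 || limit < 0) return -1;
    return n > limit ? n - limit : 0;
}

int main(void)
{
    gid_t *g;
    int n = get_groups_dynamic(&g);
    if (n < 0) { perror("getgroups"); return 1; }
    int lost = groups_dropped(n, RPCAUTH_UNIXGIDS);
    printf("%d groups, %d beyond the %d AUTH_UNIX slots\n", n, lost, RPCAUTH_UNIXGIDS);
    for (int i = n - lost; i < n; i++)
        printf("  gid %lu is past the slot limit\n", (unsigned long)g[i]);
    free(g);
    return lost > 0 ? 2 : 0;
}
```

A non-zero count means access decisions that depend on the trailing groups can differ between local files and paths where the list is truncated.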