From owner-freebsd-current@FreeBSD.ORG  Sat Dec 13 12:14:53 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id CC8D216A51C; Sat, 13 Dec 2003 12:14:52 -0800 (PST)
Received: from smtp.web.de (smtp04.web.de [217.72.192.208])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 62F8343D83; Sat, 13 Dec 2003 12:14:16 -0800 (PST)
	(envelope-from yanestra@web.de)
Received: from dsl-213-023-212-223.arcor-ip.net ([213.23.212.223] helo=web.de)
	by smtp.web.de with asmtp (TLSv1:RC4-MD5:128)
	(WEB.DE 4.99 #566)
	id 1AVG9W-0001O7-00; Sat, 13 Dec 2003 21:14:14 +0100
Message-ID: <3FDB731A.7020301@web.de>
Date: Sat, 13 Dec 2003 21:14:18 +0100
From: "Klaus-J. Wolf" <yanestra@web.de>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031210
X-Accept-Language: en-us, en, de
MIME-Version: 1.0
To: current@freebsd.org
References: <Pine.NEB.3.96L.1031212192815.26485A-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1031212192815.26485A-100000@fledge.watson.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: yanestra@web.de
cc: Robert Watson <rwatson@freebsd.org>
cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: [RC1] Login not possible
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: current@freebsd.org
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2003 20:14:53 -0000

Excuse me, but the limit of a maximum of 16 group memberships per user 
has not been known to me. It would be a good idea to document it somewhere.

I know a number of persons who will run into problems because their idea 
of proper system architecture requires certain persons to be a member of 
a higher amount of user groups. Until now, it might not have worked, but 
the day it finally crashes and nobody can log in anymore, will not make 
them happy.

There should be an option, somehow.

Robert Watson wrote:

>FWIW, I think that failing here is the right thing to do (since otherwise
>the kernel silently changes the access control rights of processes), but
>that the failure error is a bit obscure.  That said, the setusercontext() 
>API isn't really set up to provide more detailed error information, so
>we'll need to expand the API.  I wonder if it would make sense to modify
>the pw/etc commands to generate warnings if they discover a user in too
>many groups... 
>
>  
>