From: Mike Meyer
Date: Mon, 4 Dec 2000 07:39:57 -0600 (CST)
To: Dmitry Karasik
Cc: questions@freebsd.org
Subject: Re: NGROUPS_MAX in sys/syslimits.h
Message-ID: <14891.40621.555226.574803@guru.mired.org>

Dmitry Karasik types:
> Hi Mike!
>
> On 04 Dec 00 at 02:56, "Mike" (Mike Meyer) wrote:
>
> Mike> Dmitry Karasik types:
> >> I recently found myself in "too many groups", as LIBC complains; I
> >> found that somehow, if I am present in more than 16 groups (which
> >> is exactly the value of NGROUPS_MAX in sys/syslimits.h), I run into
> >> problems. Well, the first thing that popped out was to recompile LIBC, and
> >> maybe I'll do that (later), but I'm just curious - how come 16 is
> >> a limit? Didn't anyone before run into this "implementation flaw"? Or,
> >> maybe, there exists some better solution?
>
> Mike> Which begs the question - why do you need so many groups? There may
> Mike> be a better solution to the problem that's causing that than kernel
> Mike> groups.
>
> 21 is not many - but of course, it depends on what you are counting :)
> But you might be right. My problem is that I want to secure users' homes
> by chmod 750, but as they often need my help with their files, I just
> want to be in every group they are in. Our current configuration is that
> every user possesses a group with the same name.

You're right - 21 isn't many. But that number will change every time
you add a user, and your solution to the problem doesn't scale well. I
think that's the real reason this hasn't been changed - solutions that
depend on the user being a member of one or more groups don't scale
well, so they tend to be avoided.

If the goal is really to keep other users from reading each other's
accounts, while letting you read them, I'd suggest that that's pretty
much what root access was meant for. If that bothers you, you can set
up sudo to let you su to a specific user id without going through a
root shell. If you feel like doing some coding, a set of shell
commands that hook into the acl interface could be used, and would
probably be something that the community as a whole would appreciate.

http://www.mired.org/home/mwm/
Independent WWW/Unix/FreeBSD consultant, email for more information.
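
An added example, not part of the original message: a shell function that reads passwd- and group-format files and reports accounts whose total group count exceeds a limit, such as the 16 discussed in this thread. The function names and sample accounts are hypothetical, the file contents are constructed, and counting the primary group toward the limit is an assumption.

```shell
#!/bin/sh
# Added example: report accounts whose group memberships exceed a limit.
# passwd(5) fields used: 1 = login name, 4 = primary gid.
# group(5) fields used:  3 = gid, 4 = comma-separated member list.

over_group_limit() {
    # $1 = passwd file, $2 = group file, $3 = limit (16 in the thread)
    awk -F: -v limit="$3" '
        /^#/ || NF == 0 { next }                  # skip comments and blanks
        FNR == NR { primary[$1] = $4; next }      # first file: passwd
        {                                         # second file: group
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                key = members[i] SUBSEP $3
                if (members[i] != "" && !(key in seen)) {
                    seen[key] = 1                 # count each gid once per user
                    count[members[i]]++
                }
            }
        }
        END {
            for (u in primary) {
                key = u SUBSEP primary[u]
                # Assumption: the primary group counts toward the limit.
                if (!(key in seen)) count[u]++
                if (count[u] > limit) print u, count[u]
            }
        }
    ' "$1" "$2" | sort
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample data: "helper" has a private group and is listed
    # in 20 per-user groups, 21 in total, the figure quoted in the thread.
    echo 'helper:*:1000:1000:Helper:/home/helper:/bin/sh' > "$d/passwd"
    echo 'helper:*:1000:' > "$d/group"
    i=1
    while [ "$i" -le 20 ]; do
        echo "u$i:*:$((2000 + i)):$((2000 + i)):User $i:/home/u$i:/bin/sh" >> "$d/passwd"
        echo "u$i:*:$((2000 + i)):helper" >> "$d/group"
        i=$((i + 1))
    done
    over_group_limit "$d/passwd" "$d/group" 16
    rm -rf "$d"
}

demo
```

On a live system the same function can be pointed at /etc/passwd and /etc/group, with the limit taken from `getconf NGROUPS_MAX`.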