From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 23 14:21:05 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 38250106566C for ; Mon, 23 Mar 2009 14:21:05 +0000 (UTC) (envelope-from spawk@acm.poly.edu) Received: from acm.poly.edu (acm.poly.edu [128.238.9.200]) by mx1.freebsd.org (Postfix) with ESMTP id 0024E8FC0A for ; Mon, 23 Mar 2009 14:21:04 +0000 (UTC) (envelope-from spawk@acm.poly.edu) Received: (qmail 4719 invoked from network); 23 Mar 2009 14:21:04 -0000 Received: from unknown (HELO ?10.0.0.135?) (spawk@128.238.64.31) by acm.poly.edu with AES256-SHA encrypted SMTP; 23 Mar 2009 14:21:04 -0000 Message-ID: <49C79A9B.9070309@acm.poly.edu> Date: Mon, 23 Mar 2009 10:20:11 -0400 From: Boris Kochergin User-Agent: Thunderbird 2.0.0.19 (X11/20090108) MIME-Version: 1.0 To: ttw+bsd@cobbled.net, freebsd-hackers@freebsd.org References: <49C6F4F4.5030609@acm.poly.edu> <20090323124502.GA8686@holyman.cobbled.net> In-Reply-To: <20090323124502.GA8686@holyman.cobbled.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Doing away with NGROUPS_MAX in src/sys/sys/syslimits.h? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2009 14:21:06 -0000 ttw+bsd@cobbled.net wrote: > On 22.03-22:33, Boris Kochergin wrote: > >> Ahoy. I got bitten by this today--a system I administer for someone had >> users in more than 16 groups, so I had to bump the value, recompile the >> kernel, and reboot. It seems desirable to (at the very least) make this >> a read-only tunable that can be set using /boot/loader.conf, so as to >> avoid source modification and kernel recompilation. I had a look around, >> and noticed that NGROUPS_MAX is used to construct static arrays in a >> couple of locations ("ibcs2_gid_t iset[NGROUPS_MAX];"). It seems that >> malloc(9)/MALLOC(9) can be used to allocate memory for the array >> instead, and panic() (or something) can be called if the allocation >> fails, no? Is that about the gist of it? If I'm not overlooking >> something major, I'd like to take a stab at it. >> > > i've sumbitted a patch for this to hackers@' list but actually > bumping the groups limit is more work. i'm pretty far on with it > but am unsure wwhen it'll be completed. if anyone wishes a copy of > the patches or current working patch then i'd be happy to post it. > > note that bumping NGROUPS_MAX will do little in itself. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > Well, bumping it does get rid of messages like: Mar 22 20:44:26 hydrogen sshd[96152]: getgrouplist: groups list too small Mar 22 20:44:26 hydrogen sshd[96152]: fatal: initgroups: [user]: Invalid argument ...and allows users who are in more than 16 groups to log in. I think there's something to be said for that. Anyway, thanks for the update. I'd love to see a resolution to this other than having to recompile the kernel. Let me know if I can help things along somehow. -Boris