From owner-freebsd-stable Sat Feb 15 13:44:34 2003 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D7DE37B401 for ; Sat, 15 Feb 2003 13:44:32 -0800 (PST) Received: from ops.tamu.edu (ops.tamu.edu [165.91.250.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3114143F93 for ; Sat, 15 Feb 2003 13:44:32 -0800 (PST) (envelope-from nipsy@ops.tamu.edu) Received: from nipsy by ops.tamu.edu with local (Exim 4.10) id 18kA6o-0002fP-00; Sat, 15 Feb 2003 15:44:30 -0600 Date: Sat, 15 Feb 2003 15:44:29 -0600 From: Mark Nipper To: Eugene Grosbein Cc: stable@freebsd.org Subject: Re: crash w/ 4.7-STABLE of Wed Feb 12 22:15:15 CST 2003 Message-ID: <20030215214429.GA10077@ops.tamu.edu> References: <20030214150901.GB61301@ops.tamu.edu> <3E4E10FD.11AED769@kuzbass.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3E4E10FD.11AED769@kuzbass.ru> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Feb 15, 2003 at 05:05:49PM +0700, Eugene Grosbein wrote: > You should not change NGROUPS_MAX blindly. > Just take a look to CMGROUP_MAX in /usr/src/sys/sys/socket.h > and there are other rabbit holes possibly. > Expect problems with NFS, too. Well, it's not a blind change per se as I need it to put user www into each user's personal group to better secure people's web space and home directories from inspection by other local users. If you know of a better way to do this (than running multiple instances of Apache running as each separate user and proxying requests to each, which is what I was doing before but is not really as elegant a solution as adding www to each user's group, thereby enabling the same ability to lockdown permissions rather tightly), I'd love to hear it. Besides, CMGROUP_MAX seems to address the situation rather than complicate it. If it depended on NGROUPS_MAX, then I might very well be seeing catastrophic failure of subsystems because of hardwired limitations. But this particular define seems to prevent that very thing from happening. And while the machine is an NFS server, www is used only locally, so I can only hope it does not cause problems. Besides, it's not like this machine crashing was a rare thing before implementing the change, so I cannot really be too worried about it now. -- Mark Nipper e-contacts: Computing and Information Services nipsy@tamu.edu Texas A&M University http://ops.tamu.edu/nipsy/ College Station, TX 77843-3142 AIM/Yahoo: texasnipsy ICQ: 66971617 (979)575-3193 MSN: nipsy@tamu.edu -----BEGIN GEEK CODE BLOCK----- GG/IT d- s++:+ a-- C++$ UBL+++$ P--->+++ L+++$ E--- W++ N+ o K++ w(---) O++ M V(--) PS+++(+) PE(--) Y+ PGP++(+) t 5 X R tv b+++ DI+(++) D+ G e h r++ y+(**) ------END GEEK CODE BLOCK------ ---begin random quote of the moment--- You need a license to drive a car, but any idiot can have a child. ----end random quote of the moment---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message