Date: Sat, 15 Feb 2003 15:44:29 -0600 From: Mark Nipper <nipsy@tamu.edu> To: Eugene Grosbein <eugen@kuzbass.ru> Cc: stable@freebsd.org Subject: Re: crash w/ 4.7-STABLE of Wed Feb 12 22:15:15 CST 2003 Message-ID: <20030215214429.GA10077@ops.tamu.edu> In-Reply-To: <3E4E10FD.11AED769@kuzbass.ru> References: <20030214150901.GB61301@ops.tamu.edu> <3E4E10FD.11AED769@kuzbass.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Feb 15, 2003 at 05:05:49PM +0700, Eugene Grosbein wrote: > You should not change NGROUPS_MAX blindly. > Just take a look to CMGROUP_MAX in /usr/src/sys/sys/socket.h > and there are other rabbit holes possibly. > Expect problems with NFS, too. Well, it's not a blind change per se as I need it to put user www into each user's personal group to better secure people's web space and home directories from inspection by other local users. If you know of a better way to do this (than running multiple instances of Apache running as each separate user and proxying requests to each, which is what I was doing before but is not really as elegant a solution as adding www to each user's group, thereby enabling the same ability to lockdown permissions rather tightly), I'd love to hear it. Besides, CMGROUP_MAX seems to address the situation rather than complicate it. If it depended on NGROUPS_MAX, then I might very well be seeing catastrophic failure of subsystems because of hardwired limitations. But this particular define seems to prevent that very thing from happening. And while the machine is an NFS server, www is used only locally, so I can only hope it does not cause problems. Besides, it's not like this machine crashing was a rare thing before implementing the change, so I cannot really be too worried about it now. -- Mark Nipper e-contacts: Computing and Information Services nipsy@tamu.edu Texas A&M University http://ops.tamu.edu/nipsy/ College Station, TX 77843-3142 AIM/Yahoo: texasnipsy ICQ: 66971617 (979)575-3193 MSN: nipsy@tamu.edu -----BEGIN GEEK CODE BLOCK----- GG/IT d- s++:+ a-- C++$ UBL+++$ P--->+++ L+++$ E--- W++ N+ o K++ w(---) O++ M V(--) PS+++(+) PE(--) Y+ PGP++(+) t 5 X R tv b+++ DI+(++) D+ G e h r++ y+(**) ------END GEEK CODE BLOCK------ ---begin random quote of the moment--- You need a license to drive a car, but any idiot can have a child. ----end random quote of the moment---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030215214429.GA10077>