From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 23 15:54:36 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 097F8106566C for ; Mon, 23 Mar 2009 15:54:36 +0000 (UTC) (envelope-from fergus@cobbled.net) Received: from mail1.slb.deg.dub.stisp.net (mail1.slb.deg.dub.stisp.net [84.203.253.98]) by mx1.freebsd.org (Postfix) with SMTP id 5420F8FC0C for ; Mon, 23 Mar 2009 15:54:35 +0000 (UTC) (envelope-from fergus@cobbled.net) Received: (qmail 77645 invoked from network); 23 Mar 2009 15:54:33 -0000 Received: from unknown (HELO holyman.cobbled.net) (84.203.180.117) by mail1.slb.deg.dub.stisp.net with SMTP; 23 Mar 2009 15:54:33 -0000 Received: by holyman.cobbled.net (Postfix, from userid 16385) id 5F2201031D; Mon, 23 Mar 2009 15:54:33 +0000 (UTC) Date: Mon, 23 Mar 2009 15:54:33 +0000 From: n0g0013 To: Boris Kochergin Message-ID: <20090323155433.GA24517@holyman.cobbled.net> Mail-Followup-To: Boris Kochergin , freebsd-hackers@freebsd.org References: <49C6F4F4.5030609@acm.poly.edu> <20090323124502.GA8686@holyman.cobbled.net> <49C79A9B.9070309@acm.poly.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49C79A9B.9070309@acm.poly.edu> Cc: freebsd-hackers@freebsd.org Subject: Re: Doing away with NGROUPS_MAX in src/sys/sys/syslimits.h? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2009 15:54:36 -0000 On 23.03-10:20, Boris Kochergin wrote: [ ... ] > Well, bumping it does get rid of messages like: > > Mar 22 20:44:26 hydrogen sshd[96152]: getgrouplist: groups list too small > Mar 22 20:44:26 hydrogen sshd[96152]: fatal: initgroups: [user]: Invalid > argument yes, that's great but you may be surprised to learn that it doesn't actually solve your problem. i think (and without looking specifically at the impact my even be confident enough to say definately) if you get a groups list it will only be cropped and the error message is being erroneously avoided, not corrected. i'd also suggest that you may be opening up your system to some overflows although, generally, the code sections use the same limits and so you might get away with it. [ ... ] > I'd love to see a resolution to this other than having to recompile the > kernel. Let me know if I can help things along somehow. if you can grab my patch, confirm it builds for you and that it doesn't crash your system , that would be a big help. unfortunately i was going to test it on my xen box only to discover that it doesn't work with amd64 yet. i'm currently coding blind and am not a good programmer so this is bad[tm]. if you can do this and are happy to run a few further tests after that then i'll be sure to put some heat under the rest of the process and get the group limits removed correctly. -- t t w