Date: Tue, 17 Apr 2018 00:11:51 +0000 From: Rick Macklem <rmacklem@uoguelph.ca> To: Brooks Davis <brooks@freebsd.org> Cc: freebsd-current <freebsd-current@freebsd.org> Subject: Re: anyone running with ngroups increased from 16? Message-ID: <YQBPR0101MB1042148375A4A4D0B70F1788DDB70@YQBPR0101MB1042.CANPRD01.PROD.OUTLOOK.COM>
next in thread | raw e-mail | index | archive | help
Brooks Davis wrote: >On Mon, Apr 16, 2018 at 06:37:53PM +0800, Julian Elischer wrote: >> Windows users seem to have an almost unlimited number of groups and=3D20 >> soem places seem to use them a LOT. >> This gives Posix systems problems with deciding how to handle them=3D20 >> all. Especially when getting >> user credentials from winbindd (samba). >>=3D20 >> Does anyone know of any work done to either bypass this limit or to at= =3D20 >> least expand it? > >I fixed this in 2009 for everything but NFS AUTH_SYS. NGROUPS_MAX is >1023. IIRC the usual hack employed in storage systems is to ignore the >groups provided by AUTH_SYS and get them from winbindd. I don't know of >a public implementation of that. If winbindd gets the information from LDAP, then you can get the same effec= t from "nfsuserd -manage-gids" for AUTH_SYS (or as Toomas Soome noted, the gs= sd does the same thing for Kerberized mounts). Both of these utilities use getgrouplist() on the NFS server to acquire the= list of groups for the user. As such, anything configured for the library call, = such as LDAP, will provide the list of groups. rick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YQBPR0101MB1042148375A4A4D0B70F1788DDB70>