Date: Mon, 19 Oct 1998 15:18:01 +1000 (EST) From: Bart Lindsey <bart@burra.zip.com.au> To: cs@pollux.sdata.de Cc: freebsd-stable@FreeBSD.ORG Subject: Re: NGROUPS Message-ID: <199810190518.PAA01615@bart.zip.com.au> In-Reply-To: <199810181623.SAA24886@pollux.sdata.de> (message from Christoph Splittgerber on Sun, 18 Oct 1998 18:23:58 %2B0200 (MET DST)) References: <199810181623.SAA24886@pollux.sdata.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Christoph Splittgerber <chris@pollux.sdata.de> e-toned: > ... >We are using a 2.2.7stable with a user/group scheme where every user is >assigned to her own group with a default umask of 007. For all >the different projects we create an extra group and assign all users which >need to work on the project to that group. This works perfectly, however >with this scheme it is very likely that you hit the NGROUPS maximum which >is at just "16". > >What problems should I expect when I increase NGROUPS_MAX to, lets say, "64" >in /usr/src/sys/sys/param.h ? Is this the right place to change the limit ? >Do I only have to recompile a new kernel or do I need a "make world" ? The NGROUPS_MAX constant is often passed as an argument to getgroups to specifiy the size of the returned group access list. It's used in lots of progs from id, chown, etc to sendmail and pppd. "make world" would be the least you'd have to do. Other apps, eg in the ports collection may use this too. :-/ >Wouldn't NGROUPS_MAX be a good candidate for the kernel config file ? No, because of above. It's a system wide constant. You cannot change kern.ngroups using sysctl either. This makes you wonder why it was set so low in the first place. In most situations though, 16 is a reasonable number. An alternative (which probably doesn't meet all your needs) is to use the features of your source repository (like Commitinfo file in CVS) to restrict "commit" operations to authorised users. Cheers, Bart. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810190518.PAA01615>