From owner-freebsd-stable  Sun Oct 18 22:18:26 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA19148
          for freebsd-stable-outgoing; Sun, 18 Oct 1998 22:18:26 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from bart.zip.com.au (bart.zip.com.au [61.8.6.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA19131
          for <freebsd-stable@FreeBSD.ORG>; Sun, 18 Oct 1998 22:18:21 -0700 (PDT)
          (envelope-from bart@bart.zip.com.au)
Received: (from bart@localhost)
	by bart.zip.com.au (8.8.8/8.8.8) id PAA01615;
	Mon, 19 Oct 1998 15:18:01 +1000 (EST)
	(envelope-from bart)
Date: Mon, 19 Oct 1998 15:18:01 +1000 (EST)
Message-Id: <199810190518.PAA01615@bart.zip.com.au>
From: Bart Lindsey <bart@burra.zip.com.au>
To: cs@pollux.sdata.de
CC: freebsd-stable@FreeBSD.ORG
In-reply-to: <199810181623.SAA24886@pollux.sdata.de> (message from Christoph
	Splittgerber on Sun, 18 Oct 1998 18:23:58 +0200 (MET DST))
Subject: Re: NGROUPS
References:  <199810181623.SAA24886@pollux.sdata.de>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Christoph Splittgerber <chris@pollux.sdata.de> e-toned:
>
...
>We are using a 2.2.7stable with a user/group scheme where every user is
>assigned to her own group with a default umask of 007. For all
>the different projects we create an extra group and assign all users which
>need to work on the project to that group. This works perfectly, however
>with this scheme it is very likely that you hit the NGROUPS maximum which
>is at just "16".
>
>What problems should I expect when I increase NGROUPS_MAX to, lets say, "64"
>in /usr/src/sys/sys/param.h ? Is this the right place to change the limit ?
>Do I only have to recompile a new kernel or do I need a "make world" ?

The NGROUPS_MAX constant is often passed as an argument to getgroups to
specifiy the size of the returned group access list. It's used in lots of
progs from id, chown, etc to sendmail and pppd.

"make world" would be the least you'd have to do. Other apps, eg in the ports
collection may use this too. :-/

>Wouldn't NGROUPS_MAX be a good candidate for the kernel config file ?

No, because of above. It's a system wide constant.
You cannot change kern.ngroups using sysctl either.

This makes you wonder why it was set so low in the first place. In most 
situations though, 16 is a reasonable number.

An alternative (which probably doesn't meet all your needs) is to use the
features of your source repository (like Commitinfo file in CVS) to
restrict "commit" operations to authorised users.

Cheers,

Bart.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message