Date: Fri, 16 Apr 2010 15:56:31 +0200 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-net@freebsd.org Cc: freebsd-stable@freebsd.org Subject: Re: NFS permission strangeness Message-ID: <hq9qaf$rk2$1@dough.gmane.org> In-Reply-To: <Pine.GSO.4.63.1004161002080.2259@muncher.cs.uoguelph.ca> References: <4BC72276.6080003@zirakzigil.org> <Pine.GSO.4.63.1004152023580.845@muncher.cs.uoguelph.ca> <4BC81EB2.9070107@zirakzigil.org> <Pine.GSO.4.63.1004161002080.2259@muncher.cs.uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/16/10 16:07, Rick Macklem wrote: > > > On Fri, 16 Apr 2010, Giulio Ferro wrote: > >> >> Yes, I have more than 16 groups, 22 actually... >> >> However I still think this might be a NFS problem, since when I login on >> the server machine I can access that directory all right, the problem >> arises >> only when I try to access that dir in the client machine... >> > The problem is that the specification of the RPC header used by NFS for > authentication unless you are using krb5 is limited to a gid + 16 > additional groups (a lot of implementations put the gid in the first > entry of the additional groups list, so 16 is the safe limit and 17 > might work). So, you could call it a problem w.r.t. the specification > of the RPC protocol that is used for NFS RPCs, but it would be a bug > in the implementation to handle more than the 16 additional groups. > (Admittedly, it just silently truncates at 16, but I don't think > automatically failing an RPC with more than 16 groups in its cred > would be better?) > > So, yes, it is an NFS problem, but intrisic to the protocol spec, rick Can NFSv4 get around it?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hq9qaf$rk2$1>