Date: Mon, 4 Dec 2000 07:39:57 -0600 (CST)
From: Mike Meyer <mwm@mired.org>
To: Dmitry Karasik <dk@plab.ku.dk>
Cc: questions@freebsd.org
Subject: Re: NGROUPS_MAX in sys/syslimits.h
Message-ID: <14891.40621.555226.574803@guru.mired.org>
In-Reply-To: <86465101@toto.iv>

Dmitry Karasik <dk@plab.ku.dk> types:
> Hi Mike!
>
> On 04 Dec 00 at 02:56, "Mike" (Mike Meyer) wrote:
>
> Mike> Dmitry Karasik <dk@plab.ku.dk> types:
> >> I recently found myself in "too many groups", as LIBC complains; I
> >> found that somehow that if I present in more than in 16 groups (what
> >> is exactly that value of NGROUPS_MAX in sys/syslimits.h), I run into
> >> problems. Well, first thing that popped out was to recompile LIBC, and
> >> maybe I'll do that (later), but I'm just curious - how come that 16 is
> >> a limit? Didn't anyone before run into this "implementation flaw"? Or,
> >> maybe, there exists some better solution?
>
> Mike> Which begs the question - why do you need so many groups? There may
> Mike> be a better solution to the problem that's causing that than kernel
> Mike> groups.
>
> 21 is not many - but of course, it depends what are you counting :)
> But you might be right. My problem is that I want to secure users' homes
> by chmod 750, but as they often need my help with their files, I just
> want to be in every group they are in. Our current configuration is that
> every user possesses a group with same name.

You're right - 21 isn't many. But that number will change every time
you add a user, and your solution to the problem doesn't scale well. I
think that's the real reason this hasn't been changed - solutions that
depend on the user being a member of one or more groups don't scale
well, so they tend to be avoided.

If the goal is really to keep other users from reading each other's
accounts, while letting you read them, I'd suggest that that's pretty
much what root access was meant for. If that bothers you, you can set
up sudo to let you su to a specific user id without going through a
root shell.

If you feel like doing some coding, a set of shell commands that hook
into the acl interface could be used, and would probably be something
that the community as a whole would appreciate.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Unix/FreeBSD consultant, email for more information.
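
An added example, not part of the original e-mail: a shell function that reads a group(5)-format file and lists users who are members of more groups than a given limit (16 in the thread, otherwise whatever `getconf NGROUPS_MAX` reports). The function names, the sample data, and the choice to count only memberships listed in the group file (not the primary group from the passwd file) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag users listed in more groups than the system limit.
# Input is a group(5)-format file: name:passwd:gid:member1,member2,...

# over_limit FILE [LIMIT] -> prints "user count" for each user above LIMIT.
# LIMIT defaults to the running system's NGROUPS_MAX.
over_limit() {
    file=$1
    limit=${2:-$(getconf NGROUPS_MAX)}
    awk -F: -v limit="$limit" '
        /^#/ || NF < 4 { next }              # skip comments and short lines
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                u = members[i]
                gsub(/[ \t]/, "", u)
                # count each (user, group) pair once, even if listed twice
                if (u != "" && !seen[u, $1]++) count[u]++
            }
        }
        END { for (u in count) if (count[u] > limit) print u, count[u] }
    ' "$file" | sort
}

# Constructed sample: 20 per-user groups (user1..user20), each with the
# admin "dk" added as a member, plus one shared group, giving 21 in total.
make_sample() {
    i=1
    while [ "$i" -le 20 ]; do
        echo "user$i:*:$((1000 + i)):dk"
        i=$((i + 1))
    done
    echo "staff:*:20:dk,user1"      # ordinary shared group
    echo "user1:*:1001:dk"          # duplicate line, must not be counted twice
}

sample=$(mktemp)
make_sample > "$sample"
over_limit "$sample" 16             # limit quoted in the thread
rm -f "$sample"
```

Whether the primary group also occupies one slot of the limit depends on the platform, so treat a count at or just under the limit as worth checking too.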