[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] Savannah and groups limitations

From: Sylvain Beucler
Subject: [Savannah-hackers-public] Savannah and groups limitations
Date: Wed, 24 Aug 2005 23:35:10 +0200
User-agent: Mutt/1.5.9i

Hello Justin,

We would need a kernel compiled with NGROUPS_MAX set to a high value
(say 65536). Could you do this?


We have several members who are part of lots of different projects (eg
"bkuhn" with 33 projects and 67 system groups), more than the default
maximum number of groups per users in the Linux kernel (32).

How to reproduce:
mkdir /tmp/mytest
chown usenet /tmp/mytest
getent group | grep bkuhn | grep usenet # He's in it
su - bkuhn -s /bin/bash
cd /tmp/mytest # Access denied...
It works with 'gvc' or any of the first 32 groups.

The current workaround is performed by the CVS proxy, that setgid(2)
appropriately (hence only 1 group referenced in each CVS processes, no
limit breaking). However this can be done on all the services we
intend to offer (namely, GNU Arch / sftp).

I investigated using ACLs instead, but ACLs are limited to 32 entries
in ext2&3, so that's not interesting either ('www' has more than 100

The solution used by the previous Savannah hackers was also to
recompile the kernel as well as several packages with
NGROUPS_MAX=512. Apparently this brings severals issues with it:

NOTE: I saw that the current Debian testing and unstable kernel uses
65536 (check /usr/include/linux/limits.h), and in my system (testing)
I made a successful test with 100 groups. Unfortunately we use stable
which still uses 32, so we may need to patch/recompile some packages
as well. Darn :( Anyway we need a kernel with NGROUPS_MAX=65536 to
start working around this limitation.

Any idea on how to fix the issue anyone?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]