Re: NFS TUNING: #define NFS3_MAXGROUPS

From: Christian Fischer
Date: Mon Sep 27 2004 - 08:35:37 EST


On Monday 27 September 2004 00:28, Frank van Maarseveen wrote:

> That limit is hardcoded in the SUNRPC protocol (part of NFS) and
> _cannot_ be changed: it is a fundamental constant in NFS with AUTH_UNIX
> authentication. However, there is a trick to bypass this protocol
> limitation, see http://www.frankvm.com/nfs-ngroups for a 2.4.x patch.
>
> The 2.6.x patch is under development.

Thanks for this link. It is no longer necessary to patch anything since I've
reduced the number of groups per uid to the limit. Well, I'd been reading the
SunRPC RFC before, bringing a lot of trouble to me.

The main problem was that users in the seventeenth (or higher) group (they
should not have any permissions for this group because of NFS_MAXGROUPS) were
able to change into those directories without permissions. I think a user or
group should have permission or NOT, and not a "bit of permissions".

Christian

root@terminalserver # ls -al /home/henry/shared/
[...]
drwxrws--- not_henry 17th_grp work
[...]

henry@terminalserver # cd /home/henry/shared/work/
henry@terminalserver work # ls
ls: reading directory .: Permission denied

# groups henry
[...] 17th_grp 18th_grp [...]