Re: RFC: Dynamic group limit
Mattias.Gronlund (Mattias.Gronlund@sa.erisoft.se)
Sat, 31 Jul 1999 13:04:43 +0200
Fred Reimer wrote:
>
> On Tue, 27 Jul 1999, Mattias.Gronlund wrote:
> > Hi,
> >
> > The current kernel has a compile-time limit for the maximum number
> > of groups that a user can be a member of. According to the glibc-
> > manual NGROUPS_MAX is "The value of this macro is actually a lower
> > bound for the maximum".
> >
> > The proposal is to add a sysctl parameter kernel/ngroups_max that
> > is used as the maximum number of groups that a user can be member
> > of at once. The ngroup variable and group array are removed from
> > the task_struct and a pointer to a new groups_struct is added.
>
> If you are talking about dynamic sizing of the number of maximum groups
> per user what do you do if you resize it smaller but there are already
> structures that contain more than your new size? IOW, say the existing
> ngroups_max is 64 and you have a couple of users logged in that have
> 50, 10, and 27 groups in their groups_struct. What would happen if you
> resized ngroups_max to 32?
>
This is a good question, I see three two to tackle this:
1. Lower the limit and just give EFAULT for all new setgroups() calls.
2. Do not allow the limits for the kernel/ngroup_max paramter to be set
lower than the maximum number of groups i any task.
Both has problem with the fact that an application can have been asking
for the max and that max has changed :-(...
I personaly wote for the second approch, but I do not think that this
parameter should be changed too often. The main purpose for it that I
can think of for the moment is a default (but runtime changeable) limit
of 32 groups until enough programs has been tested/fixed for more than
32 groups.
/Mattias
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/