On Feb 12, 2009, at 8:17 PM, Da Rock wrote:
I've been following this thread with interest: are you saying FreeBSD
logins cannot handle more than 16 groups? If so, why? Is this mitigated
by using other authentication methods (i.e. Kerberos, LDAP, etc.)?

There's a compile-time limit of the relevant kernel data structures as to how many groups a user can be in, described by "sysctl kern.ngroups". It's possible to recompile the kernel with a larger number, but doing so will break NFS (and possibly other things). It doesn't matter whether you use Kerberos, LDAP, etc. to set up the groups; while those things do not have a 16-group limit, the FreeBSD kernel [1] does.

With reasonable organization, and appropriate use of sudo or setgid binaries for things like people who use SVN or CVS, there generally isn't reason or need for a user to be in so many groups. For the exceptional cases, switching to using a full ACL system rather than the traditional Unix permission model is probably going to be a better solution.

Regards,
--
-Chuck

[1]: And almost all other Unixes...

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
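
The kernel limit described in the reply above can be checked against the group database before it causes surprises. This is an added example, not part of the original message: it counts, from group(5)-format input, the distinct GIDs that list each user as a member and reports accounts over a given limit. The function names and the sample group data are constructed for illustration, and the primary group from passwd is not counted.

```shell
#!/bin/sh
# Added example: find accounts listed in more groups than the kernel accepts.

# Kernel limit: "sysctl kern.ngroups" as named in the thread, else POSIX
# getconf NGROUPS_MAX, else 16 (the figure discussed in the thread).
kernel_group_limit() {
    limit=$(sysctl -n kern.ngroups 2>/dev/null) ||
        limit=$(getconf NGROUPS_MAX 2>/dev/null) || limit=
    echo "${limit:-16}"
}

# Read group(5) lines (name:passwd:gid:member,member) on stdin and print
# "user count" for every user who is a member of more than $1 distinct GIDs.
over_limit_users() {
    awk -F: -v limit="$1" '
        /^#/ || NF < 4 { next }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                key = $3 SUBSEP members[i]
                # The same GID may come from both files and a directory.
                if (members[i] != "" && !(key in seen)) {
                    seen[key] = 1
                    count[members[i]]++
                }
            }
        }
        END {
            for (u in count)
                if (count[u] > limit) print u, count[u]
        }' | sort
}

# Constructed sample data: alice is in 17 groups, bob in 3.
sample_groups() {
    i=1
    while [ "$i" -le 17 ]; do
        if [ "$i" -le 3 ]; then echo "proj$i:*:$((2000 + $i)):alice,bob"
        else echo "proj$i:*:$((2000 + $i)):alice"; fi
        i=$((i + 1))
    done
    echo "proj1:*:2001:alice"   # duplicate entry for an already-seen GID
}

# Demo on the constructed data with the limit of 16 from the thread.
# Live audit: getent group | over_limit_users "$(kernel_group_limit)"
sample_groups | over_limit_users 16
```

Feeding it `getent group` output covers groups from Kerberos- or LDAP-backed directories as well as local files, which is where memberships beyond the kernel limit tend to accumulate unnoticed.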
