On Thu, 2009-02-12 at 20:37 -0800, Chuck Swiger wrote: > On Feb 12, 2009, at 8:17 PM, Da Rock wrote: > > I've been following this thread with interest: are you saying FreeBSD > > logins cannot handle more than 16 groups? If so, why? Is this > > mitigated > > by using other authentication methods (ie kerberos, ldap, etc)? > > There's a compile-time limit of the relevant kernel data structures as > to how many groups a user can be in, described by "sysctl > kern.ngroups". It's possible to recompile the kernel with a larger > number, but doing so will break NFS (and possibly other things). It > doesn't matter whether you use Kerberos, LDAP, etc to set up the > groups; while those things do not have a 16-group limit, the FreeBSD > kernel [1] does. > > With reasonable organization, and appropriate use of sudo or setgid > binaries for things like people who use SVN or CVS, there generally > isn't reason or need for a user to be in so many groups. For the > exceptional cases, switching to using a full ACL system rather than > the traditional Unix permission model is probably going to be a better > solution.
Interesting. What would you suggest for full ACL? _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"