Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
Increase the maximum value of NGROUPS_MAX to 1024
1.2. Name of Document Author/Supplier:
Author: Casper Dik
1.3 Date of This Document:
08 October, 2009
4. Technical Description
I'm sponsoring this fasttrack for myself.
Binding: patch/micro
This project proposes changing the maximum value for NGROUPS_MAX
from 32 to 1024 by changing the definition of NGROUPS_UMAX from 32
to 1024.
The use for a larger number of groups is described in CR 4088757,
particular in the case of Samba servers and ADS clients; the
Samba servers map every SID to a Unix group. Users with more
than 32 groups SIDs are common. We've seen reports varying from
"64 is enough", "128 is absolutely enough" and "we've users with
more 190 group SIDS).
NGROUPS_MAX as defined by different Unix versions are as follows
(http://www.j3e.de/ngroups.html):
Linux Kernel >= 2.6.3 65536
Linux Kernel < 2.6.3 32
Tru64 / OSF/1 32
IBM AIX 5.2 64
IBM AIX 5.3 ... 6.1 128
OpenBSD, NetBSD, FreeBSD, Darwin (Mac OS X) 16
Sun Solaris 7,8,9,10 16 (can vary from 0-32)
HP-UX 20
IRIX 16 (can vary from 0-32)
Plan 9 from Bell Labs 32
Minix 3 0 (Minix-vmd: 16)
QNX 6.4 8
The maximum number of groups SIDS in Microsoft appears to be 1024,
see http://support.microsoft.com/kb/328889; this is how we arrived at
the new maximum limit of 1024.
The default value of NGROUPS_MAX will continue to be 16 except for
debug builds where NGROUP_MAX will be defined as NGROUPS_UMAX.
As part of this case, we're change the "AUTH_SYS" semantics for RPC;
rather than failing for users in more than 16 groups, we'd prefer to
copy the semantics of others: just drop the additional groups and
perform the operation with a reduced set of groups.
The loopback RPC is also modified to make sure that loopback RPC will
work for processes with more than groups then will fit in the
400 byte allowable in the RPC protocol by dropping additional
groups.
Ucred routines will shrink the actual size of the ucred exchanges: the
ucred structures will "shrink to fit" and only processes which use a lot
of groups will pay for this in ucred exchanges.
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
on-net
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open
