Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI This information is Copyright 2009 Sun Microsystems 1. Introduction 1.1. Project/Component Working Name: Increase the maximum value of NGROUPS_MAX to 1024 1.2. Name of Document Author/Supplier: Author: Casper Dik 1.3 Date of This Document: 08 October, 2009 4. Technical Description I'm sponsoring this fasttrack for myself.
Binding: patch/micro This project proposes changing the maximum value for NGROUPS_MAX from 32 to 1024 by changing the definition of NGROUPS_UMAX from 32 to 1024. The use for a larger number of groups is described in CR 4088757, particular in the case of Samba servers and ADS clients; the Samba servers map every SID to a Unix group. Users with more than 32 groups SIDs are common. We've seen reports varying from "64 is enough", "128 is absolutely enough" and "we've users with more 190 group SIDS). NGROUPS_MAX as defined by different Unix versions are as follows (http://www.j3e.de/ngroups.html): Linux Kernel >= 2.6.3 65536 Linux Kernel < 2.6.3 32 Tru64 / OSF/1 32 IBM AIX 5.2 64 IBM AIX 5.3 ... 6.1 128 OpenBSD, NetBSD, FreeBSD, Darwin (Mac OS X) 16 Sun Solaris 7,8,9,10 16 (can vary from 0-32) HP-UX 20 IRIX 16 (can vary from 0-32) Plan 9 from Bell Labs 32 Minix 3 0 (Minix-vmd: 16) QNX 6.4 8 The maximum number of groups SIDS in Microsoft appears to be 1024, see http://support.microsoft.com/kb/328889; this is how we arrived at the new maximum limit of 1024. The default value of NGROUPS_MAX will continue to be 16 except for debug builds where NGROUP_MAX will be defined as NGROUPS_UMAX. As part of this case, we're change the "AUTH_SYS" semantics for RPC; rather than failing for users in more than 16 groups, we'd prefer to copy the semantics of others: just drop the additional groups and perform the operation with a reduced set of groups. The loopback RPC is also modified to make sure that loopback RPC will work for processes with more than groups then will fit in the 400 byte allowable in the RPC protocol by dropping additional groups. Ucred routines will shrink the actual size of the ucred exchanges: the ucred structures will "shrink to fit" and only processes which use a lot of groups will pay for this in ucred exchanges. 6. Resources and Schedule 6.4. Steering Committee requested information 6.4.1. Consolidation C-team Name: on-net 6.5. ARC review type: FastTrack 6.6. ARC Exposure: open