Casper.Dik at sun.com wrote:
> It is listed in the case materials; the current Solaris kernel will drop
> any RPC operation where the user is in more than 16 groups.
>
> Other implementations will just truncate the number of groups to 16.
>
> I'm inclined to follow the market, truncate the group list and then
> try the RPC operation. It's in the specification.
>
> Specifically, I was convinced when I was running with 1000 groups and I
> was not able to access anything over NFS. Not very practical.
It depends.... If you use the withdrawn POSIX ACL draft, then by truncating the
list you will potentially get less permissions.
If you use NTFS ACLs that include deny entries this differs.
As we are talking about older NFS versions that do not support NTFS ACLs, it
seems
to be not a security risk to truncate the list.
J?rg
--
EMail:joerg at schily.isdn.cs.tu-berlin.de (home) J?rg Schilling D-13353 Berlin
js at cs.tu-berlin.de (uni)
joerg.schilling at fokus.fraunhofer.de (work) Blog:
http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
