On Wed, Oct 09, 2013 at 03:18:23PM +0200, Edgar Fu? wrote: > I need a certain user to be a member of (or, more precisely, have NFS access > to the data of) more than 16 groups. > One way to go would be to use umapfs to map 16 groups to one. > Is it possible to compile a kernel with a raised NGROUPS or NGROUPS_MAX? > Is there any downside (apart from slightly higher memory usage)?
NFS can only support 16 groups. The AUTH_SYS/AUTH_UNIX RPC credential can only hold 16 groups. This is typically the primary gid and the first 15 secondary gids. Does the user really need to be simultaneously in more than 16 groups? The user can be in more groups but they'll need to use newgrp(1) to change their primary group. Thus effectively shuffling the gid list. Recent versions of AIX, Solaris, and Linux contain work-arounds that essentially by-pass the 16 group limitation (RFC 5531). The degree of by-pass varies (the number of additional groups may not necessarily be unlimited).
