From: Simon Kirby <sim@netnation.com>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Jesse Pollard <pollard@admin.navo.hpc.mil>
Cc: Tim Hockin <thockin@sun.com>, Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: [BK PATCH 1/4] fix NGROUPS hard limit (resend)
Date: Tue, 22 Oct 2002 19:41:22 -0700
Message-ID: <20021023024122.GA2205@netnation.com>
In-Reply-To: <200210221303.47488.pollard@admin.navo.hpc.mil>

On Tue, Oct 22, 2002 at 01:03:47PM -0500, Jesse Pollard wrote:

> And I really doubt that anybody has 10000 unique groups (or even
> close to that) running under any system. The center I'm at has
> some of the largest UNIX systems ever made, and there are only
> about 600 unique groups over the entire center. The largest number
> of groups a user can be in is 32. And nobody even comes close.

It happens.  We have a bunch of webservers with the web user in thousands
of groups, and we ran into the per-process limit a long, long time ago. 
My solution was a bit simpler, however:

 static int supplemental_group_member(gid_t grp)
 {
        int i = current->ngroups;
 
+       if (current->uid == 80)
+               if (grp >= 1000)
+                       return 1;
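
Review bot: the added check at the top of supplemental_group_member() hard-codes uid 80 and the gid floor 1000, so any process whose current->uid is 80 is treated as a member of every group from 1000 upward, with no upper bound on the range. Because it returns right after `int i = current->ngroups;`, before the process's own group list is consulted, the membership cannot be narrowed or dropped by changing that list. Consider bounding the gid range to the one actually used for per-user groups, taking the uid and range from a tunable instead of constants, and folding the nested ifs into a single commented condition such as `if (current->uid == 80 && grp >= 1000)`.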

O:)

This allows us to have a group-per-user policy where the web server has
access to each user's files without allowing any user to have access to
files belonging to any other user, which is quite useful.

Simon-

[        Simon Kirby        ][        Network Operations        ]
[     sim@netnation.com     ][     NetNation Communications     ]
[  Opinions expressed are not necessarily those of my employer. ]
