NFS TUNING: #define NFS3_MAXGROUPS

NFS TUNING: #define NFS3_MAXGROUPS

[Christian Fischer]

[-- Attachment #1: Type: text/plain, Size: 309 bytes --]

Hello.

Please can you tell me if  NFS_MAXGROUPS is tunable for linux kernel? (and is 
it safe?) I need more than 16 groups per user. For BSD-kernel it is a tunable 
constant (i think so) and I'm not so familar with such things. 

What else must i do if it is really tunable?

Thanks
Christian
-- 

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: NFS TUNING: #define NFS3_MAXGROUPS

[Christian Fischer]

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

On Sunday 26 September 2004 16:38, Christian Fischer wrote:
> Hello.
>
> Please can you tell me if  NFS_MAXGROUPS is tunable for linux kernel? (and
> is it safe?) I need more than 16 groups per user. For BSD-kernel it is a
> tunable constant (i think so) and I'm not so familar with such things.
>
> What else must i do if it is really tunable?
>
> Thanks
> Christian

Sorry, broken english.

Please can you tell me whether NFS_MAXGROUPS is tunable for linux kernel?

Thanks again
-- 

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: NFS TUNING: #define NFS3_MAXGROUPS

[Trond Myklebust]

På su , 26/09/2004 klokka 10:38, skreiv Christian Fischer:
> Hello.
> 
> Please can you tell me if  NFS_MAXGROUPS is tunable for linux kernel? (and is 
> it safe?) I need more than 16 groups per user. For BSD-kernel it is a tunable 
> constant (i think so) and I'm not so familar with such things. 
> 
> What else must i do if it is really tunable?

No, it is NOT tunable. The SunRPC protocol (rfc1831) states clearly that
the AUTH_SYS (a.k.a. AUTH_UNIX) structure is defined as

      struct authsys_parms {
         unsigned int stamp;
         string machinename<255>;
         unsigned int uid;
         unsigned int gid;
         unsigned int gids<16>;
      };

If the BSDs are playing around with that, then they are not adhering to
the protocol, and will be incompatible with all other SunRPC
implementations.

Cheers,
  Trond

Re: NFS TUNING: #define NFS3_MAXGROUPS

[Christian Fischer]

[-- Attachment #1: Type: text/plain, Size: 604 bytes --]

On Sunday 26 September 2004 18:10, Trond Myklebust wrote:

> No, it is NOT tunable. The SunRPC protocol (rfc1831) states clearly that
> the AUTH_SYS (a.k.a. AUTH_UNIX) structure is defined as
>
>       struct authsys_parms {
>          unsigned int stamp;
>          string machinename<255>;
>          unsigned int uid;
>          unsigned int gid;
>          unsigned int gids<16>;
>       };
>
> If the BSDs are playing around with that, then they are not adhering to
> the protocol, and will be incompatible with all other SunRPC
> implementations.

That's a pity. 
Christian
-- 

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: NFS TUNING: #define NFS3_MAXGROUPS

[Frank van Maarseveen]

On Sun, Sep 26, 2004 at 04:43:29PM +0200, Christian Fischer wrote:
> On Sunday 26 September 2004 16:38, Christian Fischer wrote:
> > Hello.
> >
> > Please can you tell me if  NFS_MAXGROUPS is tunable for linux kernel? (and
> > is it safe?) I need more than 16 groups per user. For BSD-kernel it is a
> > tunable constant (i think so) and I'm not so familar with such things.

That limit is hardcoded in the SUNRPC protocol (part of NFS) and
_cannot_ be changed: it is a fundamental constant in NFS with AUTH_UNIX
authentication. However, there is a trick to bypass this protocol
limitation, see http://www.frankvm.com/nfs-ngroups for a 2.4.x patch.

The 2.6.x patch is under development.

-- 
Frank

Re: NFS TUNING: #define NFS3_MAXGROUPS

[Christian Fischer]

[-- Attachment #1: Type: text/plain, Size: 1237 bytes --]

On Monday 27 September 2004 00:28, Frank van Maarseveen wrote:

> That limit is hardcoded in the SUNRPC protocol (part of NFS) and
> _cannot_ be changed: it is a fundamental constant in NFS with AUTH_UNIX
> authentication. However, there is a trick to bypass this protocol
> limitation, see http://www.frankvm.com/nfs-ngroups for a 2.4.x patch.
>
> The 2.6.x patch is under development.

Thanks for this link. It isn't no more necessary to patch anything since i've 
reduced the number of groups per uid to the limit. Well, i'd been reading the 
sunRPC rfc before, bringing a lot of trouble to me. 

The main problem was that users in the seventeenth (or higher) group (they 
should not have any permissions for this group because of NFS_MAXGROUPS) were 
able to change without permissions into those directories. I think a user or 
group should have permission or NOT, and not a "bit of permissions".  

Christian

root@terminalserver # ls -al /home/henry/shared/
[...]
drwxrws---    not_henry    17th_grp      work
[...]

henry@terminalserver # cd /home/henry/shared/work/
henry@terminalserver work # ls
ls: reading directory .: Permission denied

# groups henry
[...]   17th_grp   18th_grp   [...]
-- 

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]