Date: Wed, 9 Aug 2000 22:00:20 +0400 From: "Artem Koutchine" <matrix@ipform.ru> To: <questions@FreeBSD.ORG> Subject: NGROUPS_MAX (apache in too many groups) Message-ID: <000e01c0022b$afef03a0$0c00a8c0@ipform.ru>
next in thread | raw e-mail | index | archive | help
I have a very fundumental question! Let me begin from afar. I am running apache with suEXEC and using a very strict permission model, so no owner of a virtual server can peek into others' directories. for example: if user dir is /hosts/virtual.com then i do chown user_id.group_id /hosts/virtual.com chmod -R o-rwx /hosts/virtual.com where group_id is the users' personal group. in this group only this user and apache_user exist. Apache is running as apache_user.apache_group I worked very fine, until i added the 16-th virtual doman. After than i started to get "Apache is in too many groups" error and the newer domain do not work. What i have figured out is that user cannot be in more than 16 groups (apache user is in more than 16) usr/include/sys/syslimits.h: #define NGROUPS_MAX 16 /* max supplemental group id's */ Now, i could change this limit to, say, 2048, but when i thought about it i realized that 2048 groups would slow down file access pretty bad because of the plain text lookup. So, the questions are: 1) Why somebody put 16 in here? Can i change it to anything i like? 2) How to make group lookups using something faster than plain text scan? Regards, Artem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000e01c0022b$afef03a0$0c00a8c0>