Date:      Fri, 16 Apr 2010 10:07:13 -0400 (EDT)
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Giulio Ferro <auryn@zirakzigil.org>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, freebsd-stable@freebsd.org
Subject:   Re: NFS permission strangeness
Message-ID:  <Pine.GSO.4.63.1004161002080.2259@muncher.cs.uoguelph.ca>
In-Reply-To: <4BC81EB2.9070107@zirakzigil.org>
References:  <4BC72276.6080003@zirakzigil.org> <Pine.GSO.4.63.1004152023580.845@muncher.cs.uoguelph.ca> <4BC81EB2.9070107@zirakzigil.org>

On Fri, 16 Apr 2010, Giulio Ferro wrote:

>
> Yes, I have more than 16 groups, 22 actually...
>
> However I still think this might be an NFS problem, since when I login on
> the server machine I can access that directory all right, the problem arises
> only when I try to access that dir in the client machine...
>
The problem is that the specification of the RPC header used by NFS for
authentication, unless you are using krb5, is limited to a gid + 16
additional groups (a lot of implementations put the gid in the first
entry of the additional groups list, so 16 is the safe limit and 17
might work). So, you could call it a problem w.r.t. the specification
of the RPC protocol that is used for NFS RPCs, but it would be a bug
in the implementation to handle more than the 16 additional groups.
(Admittedly, it just silently truncates at 16, but I don't think
automatically failing an RPC with more than 16 groups in its cred
would be better?)

So, yes, it is an NFS problem, but intrinsic to the protocol spec, rick
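
The truncation described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: it encodes an AUTH_SYS credential body using the authsys_parms layout from RFC 5531 (stamp, machinename, uid, gid, gids<16>), cuts the group list at 16, and decodes it the way a server would. The uid, gids, machine name and function names are constructed for illustration.

```python
import struct

AUTH_SYS_MAX_GIDS = 16  # gids<16> in the authsys_parms XDR definition (RFC 5531)

def xdr_string(s: bytes) -> bytes:
    """XDR string: 4-byte length, data, zero padding to a 4-byte boundary."""
    return struct.pack(">I", len(s)) + s + b"\x00" * ((4 - len(s) % 4) % 4)

def build_authsys_parms(stamp, machinename, uid, gid, groups):
    """Client side: encode the credential, silently truncating the group list.

    Returns (encoded_body, sent_groups, dropped_groups).
    """
    sent = list(groups[:AUTH_SYS_MAX_GIDS])
    dropped = list(groups[AUTH_SYS_MAX_GIDS:])
    body = struct.pack(">I", stamp) + xdr_string(machinename)
    body += struct.pack(">II", uid, gid)
    body += struct.pack(">I", len(sent))
    body += b"".join(struct.pack(">I", g) for g in sent)
    return body, sent, dropped

def parse_authsys_parms(body):
    """Server side: decode the credential and return (uid, gid, gids)."""
    off = 4                                           # skip stamp
    (name_len,) = struct.unpack_from(">I", body, off)
    off += 4 + name_len + (4 - name_len % 4) % 4      # skip machinename + padding
    uid, gid, count = struct.unpack_from(">III", body, off)
    off += 12
    if count > AUTH_SYS_MAX_GIDS:
        raise ValueError("gids array exceeds the 16-entry limit")
    return uid, gid, list(struct.unpack_from(">%dI" % count, body, off))

def group_access(dir_gid, gid, gids):
    """True if the directory's group matches the primary gid or any listed gid."""
    return dir_gid == gid or dir_gid in gids

# Constructed sample: a user with 22 supplementary groups, as in the thread.
USER_GID = 1001
USER_GROUPS = list(range(2001, 2023))
BODY, SENT, DROPPED = build_authsys_parms(0, b"client", 1001, USER_GID, USER_GROUPS)
SEEN_UID, SEEN_GID, SEEN_GIDS = parse_authsys_parms(BODY)

if __name__ == "__main__":
    print("groups the server never sees:", DROPPED)
    for dir_gid in (2016, 2022):   # last group sent, last group dropped
        print(dir_gid, "local:", group_access(dir_gid, USER_GID, USER_GROUPS),
              "over NFS:", group_access(dir_gid, SEEN_GID, SEEN_GIDS))
```

Comparing the output of `id -G` on the client against this 16-entry limit shows which group-owned directories will behave differently over AUTH_SYS than they do locally on the server.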

