From owner-freebsd-standards@FreeBSD.ORG Sat Nov 29 18:00:37 2003 Return-Path: Delivered-To: freebsd-standards@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 65C0916A4CE; Sat, 29 Nov 2003 18:00:37 -0800 (PST) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D04443F75; Sat, 29 Nov 2003 18:00:34 -0800 (PST) (envelope-from bde@zeta.org.au) Received: from gamplex.bde.org (katana.zip.com.au [61.8.7.246]) by mailman.zeta.org.au (8.9.3p2/8.8.7) with ESMTP id NAA05495; Sun, 30 Nov 2003 13:00:26 +1100 Date: Sun, 30 Nov 2003 13:00:26 +1100 (EST) From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Samy Al Bahra In-Reply-To: <20031130002340.57e5fb60.samy@kerneled.com> Message-ID: <20031130123237.Y3720@gamplex.bde.org> References: <20031126021321.GA55417@dragon.nuxi.com> <20031126132013.E72053@gamplex.bde.org> <20031130002340.57e5fb60.samy@kerneled.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-standards@freebsd.org cc: obrien@freebsd.org Subject: Re: Why is max groups set so low (16)? X-BeenThere: freebsd-standards@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Standards compliance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Nov 2003 02:00:37 -0000 On Sun, 30 Nov 2003, Samy Al Bahra wrote: > On Wed, 26 Nov 2003 13:37:15 +1100 (EST) > Bruce Evans wrote: > > > The binary compatibility problems seem to be small. libc doesn't have > > any references at all to NGROUPS_MAX except in man pages, but that is > > partly because it mostly misspells NGROUPS_MAX as NGROUPS. > > This isn't a misspelling, param.h defines the following: > #define NGROUPS NGROUPS_MAX /* max number groups */ I mean that it is an archaice spelling. It is the BSD spelling of NGROUPS_MAX so it should not be used in any code written since the latter was standardized 15 years ago. > > getgroups(2) and setgroups(2) are limited by whatever the kernel > > wants, not by their API, although their documentation says that there > > is a compile-time limit > > setgroups does not allow a user to be in a a greater number of groups > than NGROUPS. It references this macro directly, meaning, it is a > compile-time limit. > > Could you elaborate on what you mean exactly by "whatever the kernel > wants"? setgroups() is in the kernel, so it can easily be compiled using a different value of setgroups(). Applications just need to pass a gidset array with all the groups that they want and it will work provided the kernel supports that many. OTOH, a bad API that required setgroups() to pass a (pointer to a) gidset array of precisely NGROUPS_MAX elements would not work. Similarly for getgroups(). It returns the number of groups that there are, so applications can use dynamic allocation to make the array large enough. However, the guarantee that the number is <= NGROUPS_MAX encourages applications to used fixed-size arrays. Bruce