NFS permission strangeness
Rick Macklem
rmacklem at uoguelph.ca
Fri Apr 16 13:53:23 UTC 2010
On Fri, 16 Apr 2010, Giulio Ferro wrote:
>
> Yes, I have more than 16 groups, 22 actually...
>
> However I still think this might be a NFS problem, since when I login on
> the server machine I can access that directory all right, the problem arises
> only when I try to access that dir in the client machine...
>
The problem is that the specification of the RPC header used by NFS for
authentication unless you are using krb5 is limited to a gid + 16
additional groups (a lot of implementations put the gid in the first
entry of the additional groups list, so 16 is the safe limit and 17
might work). So, you could call it a problem w.r.t. the specification
of the RPC protocol that is used for NFS RPCs, but it would be a bug
in the implementation to handle more than the 16 additional groups.
(Admittedly, it just silently truncates at 16, but I don't think
automatically failing an RPC with more than 16 groups in its cred
would be better?)
So, yes, it is an NFS problem, but intrisic to the protocol spec, rick
More information about the freebsd-stable
mailing list