2.4.0-test5 [PATCH]: bypass ngroups limitation (16) in NFS/RPC protocol

From: Frank van Maarseveen (F.vanMaarseveen@inter.NL.net)
Date: Wed Aug 02 2000 - 16:41:43 EST

Next message: Michael H. Warfield: "Re: FW: Crypto"
Previous message: Mike A. Harris: "Re: [OFFTOPIC]Re: FW: Crypto"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The RPC layer used by the NFS client restricts the number
of groups to 16. This seems to be a hard protocol limit. The
patch below gets around this limitation by implementing
a group id cache in the RPC layer.

Permission checking is still done at the server but now
the secondary group list is truncated in a more intelligent
way. A similar effect could be achieved when the user calls
setgroups() to reorder the secondary group list based on
the exepected UNIX permission checks performed at the server
(AUTH_UNIX). Of course that is not possible unless you're root.
If RPC is going to truncate the secondary group list then we
might just as well choose the groups from the group list.

The fast path is for processes with <16 groups of course.

comments? flames?

-- Frank

text/plain attachment: nfs-ngroups.patch

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael H. Warfield: "Re: FW: Crypto"
Previous message: Mike A. Harris: "Re: [OFFTOPIC]Re: FW: Crypto"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Aug 07 2000 - 21:00:09 EST