Re: [RFC] Groups beyond 32

From: H. Peter Anvin (hpa@zytor.com)
Date: Wed Jul 17 2002 - 18:36:35 EST


Followup to: <1026936556.25347.48.camel@UberGeek>
By author: Austin Gonyou <austin@digitalroadkill.net>
In newsgroup: linux.dev.kernel
>
> The problem now is more one of maintenance. Most distributions do not
> support groups > 32 AFAIK. So, it's lead me to ask the following
> questions:
>
> 1. Why, in general, is the limit so low?
> For specific application, mainly auditing and such, this would be
> advantageous I think.
>

Mostly to cap the amount of storage to maintain in kernel space, and
for historical reasons.

> 2. What is required to limit the dependence on groups to just GLIBC or
> just the kernel? Is that even possible?

The main problem is programs who do things like:

gid_t mygroups[NGROUPS];

Other than that, it should all be in kernel space. According to
POSIX, the NGROUPS above really should be sysconf(_SC_NGROUPS_MAX) --
NGROUPS_MAX is defined as a *guaranteed minimum* of
sysconf(_SC_NGROUPS_MAX). Obviously there needs to be a kernel ->
libc interface for the sysconf.

FWIW, POSIX specifies:

      Application writers should note that {NGROUPS_MAX} is not
      necessarily a constant on all implementations.

(glibc has #define NGROUPS NGROUPS_MAX).

> 3. Is there any true advantage to supporting more than 32 groups, or
> creating "meta-groups" to get around the problem?

There probably is.

      -hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt	<amsp@zytor.com>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue Jul 23 2002 - 22:00:24 EST