Followup to: <1026936556.25347.48.camel@UberGeek>
By author: Austin Gonyou <austin@digitalroadkill.net>
In newsgroup: linux.dev.kernel
>
> The problem now is more one of maintenance. Most distributions do not
> support groups > 32 AFAIK. So, it's lead me to ask the following
> questions:
>
> 1. Why, in general, is the limit so low?
> For specific application, mainly auditing and such, this would be
> advantageous I think.
>
Mostly to cap the amount of storage to maintain in kernel space, and
for historical reasons.
> 2. What is required to limit the dependence on groups to just GLIBC or
> just the kernel? Is that even possible?
The main problem is programs who do things like:
gid_t mygroups[NGROUPS];
Other than that, it should all be in kernel space. According to
POSIX, the NGROUPS above really should be sysconf(_SC_NGROUPS_MAX) --
NGROUPS_MAX is defined as a *guaranteed minimum* of
sysconf(_SC_NGROUPS_MAX). Obviously there needs to be a kernel ->
libc interface for the sysconf.
FWIW, POSIX specifies:
Application writers should note that {NGROUPS_MAX} is not
necessarily a constant on all implementations.
(glibc has #define NGROUPS NGROUPS_MAX).
> 3. Is there any true advantage to supporting more than 32 groups, or
> creating "meta-groups" to get around the problem?
There probably is.
-hpa
-- <hpa@transmeta.com> at work, <hpa@zytor.com> in private! "Unix gives you enough rope to shoot yourself in the foot." http://www.zytor.com/~hpa/puzzle.txt <amsp@zytor.com> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Jul 23 2002 - 22:00:24 EST