NFS and 16 group limitation
Cameron Simpson
cs at zip.com.au
Thu Aug 31 02:08:00 UTC 2006
On 30Aug2006 13:55, Waldher, Travis R <Travis.R.Waldher at boeing.com> wrote:
| Anyone have a way around it?
There's isn't one. What I used to do was choose the most important 15
groups for the user. At my former employer I ran a group db; it had the
nice hierachical nested group convenieces you'd want in a real
organisation. The NIS group mapping was computed from that data
structure. For users in more than 16 groups I would sort the groups on a
few criteria and choose the front 15 (one left over for the primary
group field).
Now, I had a few ways to tune that sort. The user had a PREFGROUPS field
in their db entry for groups they, personally, used. Groups could have a
GROUPUSED flag saying they were generally used. After that there was a
special purpose group tree we that got priority (because it only
contained groups used in filesystem permissions) then we chose
"top-level" groups over subgroups, then we had a group tree that came
last because they weren't used in filesystem permissions.
That normally gave use enough flexibility to work around the limit.
I suggest as a first cut that you keep the "real" full member as a
separate file, keep a table of users and the groups they must have
(which you fill out as users complain about specific accesses) and then
write simple "prune the full table" script to produce the pruned table.
You can add the extra levels of complexity as they become necessary.
Cheers,
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/
Warning: Do not look into laser with remaining eye.
- Charlie Stross <charles at fma.com> <charlie at antipope.demon.co.uk>
More information about the Redhat-install-list
mailing list