NFS permission strangeness
Ivan Voras
ivoras at freebsd.org
Fri Apr 16 13:56:45 UTC 2010
On 04/16/10 16:07, Rick Macklem wrote:
>
>
> On Fri, 16 Apr 2010, Giulio Ferro wrote:
>
>>
>> Yes, I have more than 16 groups, 22 actually...
>>
>> However I still think this might be a NFS problem, since when I login on
>> the server machine I can access that directory all right, the problem
>> arises
>> only when I try to access that dir in the client machine...
>>
> The problem is that the specification of the RPC header used by NFS for
> authentication unless you are using krb5 is limited to a gid + 16
> additional groups (a lot of implementations put the gid in the first
> entry of the additional groups list, so 16 is the safe limit and 17
> might work). So, you could call it a problem w.r.t. the specification
> of the RPC protocol that is used for NFS RPCs, but it would be a bug
> in the implementation to handle more than the 16 additional groups.
> (Admittedly, it just silently truncates at 16, but I don't think
> automatically failing an RPC with more than 16 groups in its cred
> would be better?)
>
> So, yes, it is an NFS problem, but intrisic to the protocol spec, rick
Can NFSv4 get around it?
More information about the freebsd-net
mailing list