I think the NIS problems with /etc/group could be solved in the following way:
1. Implement a cache for the initgroups library call that is so frequently used to find all groups a user belongs to. This will also improve general performance without NIS since the search of the complete /etc/groups file does not have to be repeated again and again. 2. Create a new NIS map group.byuid that provides a list of groups for a given uid. That list can be generated during the generation of the NIS maps. 3. Modify the library subroutine to consult that new map instead of rereading the complete group.byname map. The cache should be fairly simple to implement, but the consultation of that new map might be quite complex for situations in which /etc/group includes only a subset of the NIS /etc/group contents. INITGROUPS(3) Linux Programmer's Manual INITGROUPS(3) NAME initgroups - initialize the supplementary group access list SYNOPSIS #include <grp..h> #include <sys/types.h> int initgroups(const char *user, gid_t group); DESCRIPTION The initgroups() function initializes the group access list by reading the group database /etc/group and using all groups of which user is a member. The additional group group is also added to the list. RETURN VALUE {}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{} {} Snail Mail: FTS Box 466, 135 N.Oakland Ave, Pasadena, CA 91182 {} {} FISH Internet System Administrator at Fuller Theological Seminary {} {}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{} PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5