On Feb 12, 2009, at 8:17 PM, Da Rock wrote:
I've been following this thread with interest: are you saying FreeBSD
logins cannot handle more than 16 groups? If so, why? Is this
by using other authentication methods (ie kerberos, ldap, etc)?
There's a compile-time limit of the relevant kernel data structures as
to how many groups a user can be in, described by "sysctl
kern.ngroups". It's possible to recompile the kernel with a larger
number, but doing so will break NFS (and possibly other things). It
doesn't matter whether you use Kerberos, LDAP, etc to set up the
groups; while those things do not have a 16-group limit, the FreeBSD
kernel  does.
With reasonable organization, and appropriate use of sudo or setgid
binaries for things like people who use SVN or CVS, there generally
isn't reason or need for a user to be in so many groups. For the
exceptional cases, switching to using a full ACL system rather than
the traditional Unix permission model is probably going to be a better
: And almost all other Unixes...
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"