>It depends.... If you use the withdrawn POSIX ACL draft, then by truncating
>the
>list you will potentially get less permissions.
>
>If you use NTFS ACLs that include deny entries this differs.
>
>As we are talking about older NFS versions that do not support NTFS ACLs, it
>seems
>to be not a security risk to truncate the list.
Well, it could be.
You're in groups 0 .. 16 (17 total)
There's a file in group 16, mode rw----rw-.
However, AUTH_SYS is a security risk in itself and it's easy to fake any
group list or uid. Adding a small security issue to a gaping hole isn't
worth losing sleep over.
The only other issue is that truncating may cause unexplained permission
issues. However, not truncating the gid list requires the administrator
to give all users at most 16 groups or they won't be able to use NFS.
Casper
