Nicolas Williams wrote: > On Mon, Oct 12, 2009 at 05:47:12PM +0200, Casper.Dik at Sun.COM wrote: >>> If you use NTFS ACLs that include deny entries this differs. > > That's true, but there's just not much we can do about AUTH_SYS, and as > Casper says, "AUTH_SYS is a security risk in itself". > >>> As we are talking about older NFS versions that do not support NTFS ACLs, >>> it seems >>> to be not a security risk to truncate the list. > > NFSv4 ACLs are very much like NTFS ACLs, particularly in that they can > have DENY ACEs. > >> The only other issue is that truncating may cause unexplained permission >> issues. However, not truncating the gid list requires the administrator >> to give all users at most 16 groups or they won't be able to use NFS. > > Specifically it may cause non-deterministic behavior. Sorting the group > list will cause deterministic behavior, but that is probably worse. > Ideally we could just wave our hands and make AUTH_SYS go away. But we > can't. What we can do though is this: the NFS server could look up the > group memberships of the UID asserted by an AUTH_SYS client.
That would actually help in a few edge case configs even when the group list is less than 16. Having AUTH_SYS just ignore the supplementary groups all together and collect them itself would be useful - but likely a performance impact since now we need a nameservice lookup. -- Darren J Moffat
