Hello,
The problem is that the number of groups for a given processus is a fixed structure. This means a Unix user, and hence a Savane user cannot be part of more than a given number of groups. The first solution at Savannah back in 2003 was to recompile the Linux kernel with more important number of groups per process. The second (unintentional) solution at Savannah was to use a CVS proxy that performs the appropriate setgid() call: only one group is assigned to the CVS process, not all the user's groups, so no limit is reached. About solution 1), I'm not sure. Any feedback? Does it interfers at some point? Solution 2) is impractical and is difficutly reproduceable to all services. A third solution would be to stop using groups and switch to ACLs. I'm not sure about the limits of ACLs though. A drawback of ACLs is that when a user quits a project, the whole projects need to be setfacl'd to remove the user from all the ACLs. However, you'll note that the group model does not fix this issue either: if a user is owner of a CVS directory, for example, he still can commit in it even if he's not part of the group anymore. So apparently chown/setfacl when a user leaves if a necessary constraint. I would love to hear about a fourth solution :) Any comments? What about some ACLs-enabled backend? Does Gna! has to bother about this issue or not yet? -- Sylvain Note: we have several users at Savannah with too much projects, _even if we removed the webgroups_ :) _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
