Re: Changing maximum number of groups in FBSD - is it feasible?
On Sat, Dec 10, 2005 at 09:26:36AM +1030, Ian Moore wrote: So it actually does work! And there's no need to adjust or re-compile any ports, just world and kernel? World, kernel, static linked ports and all ports which use NGROUPS_MAX constant for space allocation. Samba worked fine for me without recompilation :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Changing maximum number of groups in FBSD - is it feasible?
On Thursday 08 December 2005 19:00, Igor Robul wrote: On Wed, Dec 07, 2005 at 01:48:04PM -0500, Michael P. Soulier wrote: On 12/7/05, Ian Moore [EMAIL PROTECTED] wrote: Hi, I'm toying with the idea of increasing the maximum number of groups a user can belong to on one of my servers - we have a rather complex organisation and we're hitting the 15 group limit for some people. Have you considered cascading groups? That's the normal workaround on Enterprise Unix systems like HP-UX and Solaris. Instead of putting everyong in group, do this instead. group:*:100:group1,group2 group1:*:101:user1,user2 group2:*:102:user3, user4 AFAIK FreeBSD (and Linux) does not support nested groups (I'm not sure about POSIX) :-( Well, there goes that idea! So you can use ACLs (as I do now), or you can recompile world/kernel with changed syslimits.h: syslimits.h:#define NGROUPS_MAX16 as I did with FreeBSD-4.X. But be careful on system upgrading. You need compile both world and kernel because these limits get compiled to libc, kernel and some static linked utilite and some static linked utilites.. So it actually does work! And there's no need to adjust or re-compile any ports, just world and kernel? Cheers, -- Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc pgpiFlMAqSVK4.pgp Description: PGP signature
Re: Changing maximum number of groups in FBSD - is it feasible?
On Wed, Dec 07, 2005 at 01:48:04PM -0500, Michael P. Soulier wrote: On 12/7/05, Ian Moore [EMAIL PROTECTED] wrote: Hi, I'm toying with the idea of increasing the maximum number of groups a user can belong to on one of my servers - we have a rather complex organisation and we're hitting the 15 group limit for some people. Have you considered cascading groups? That's the normal workaround on Enterprise Unix systems like HP-UX and Solaris. Instead of putting everyong in group, do this instead. group:*:100:group1,group2 group1:*:101:user1,user2 group2:*:102:user3, user4 AFAIK FreeBSD (and Linux) does not support nested groups (I'm not sure about POSIX) :-( So you can use ACLs (as I do now), or you can recompile world/kernel with changed syslimits.h: syslimits.h:#define NGROUPS_MAX16 as I did with FreeBSD-4.X. But be careful on system upgrading. You need compile both world and kernel because these limits get compiled to libc, kernel and some static linked utilite and some static linked utilites.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Changing maximum number of groups in FBSD - is it feasible?
On Wed, 7 Dec 2005, Ian Moore wrote: Hi, I'm toying with the idea of increasing the maximum number of groups a user can belong to on one of my servers - we have a rather complex organisation and we're hitting the 15 group limit for some people. There seems to be differing opinions on how to do this and if it's actually feasible. One post I found said: in src/sys/sys/syslimits.h there is a constant named 'NGROUPS_MAX'. change it to however many you need (within reason), rebuild/install world and kernel. Another said you have to change all sorts of things in the source, modify a kernel parameter, rebuild world and rebuild any port that uses NGROUPS - which probably means a portupgrade -fa. There is talk of a maxgroups() parameter in the kernel, but NOTES makes no mention of this. I wonder too if some apps would need their own configuration altered to allow them to work with the higher limit. So I just wanted to ask if anyone has successfully raised the NGROUPS_MAX limit, especially when running samba nfs on the system? If not, I'll work around the problem a different way. (BTW I'm running 5.4-RELEASE) Cheers, -- Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc Ian, Since you are running FreeBSD 5.x, have you considered using ACLs? See the handbook section 14.12. Jon pgpRQFNRzSigg.pgp Description: PGP signature
Re: Changing maximum number of groups in FBSD - is it feasible?
On 12/7/05, Ian Moore [EMAIL PROTECTED] wrote: Hi, I'm toying with the idea of increasing the maximum number of groups a user can belong to on one of my servers - we have a rather complex organisation and we're hitting the 15 group limit for some people. Have you considered cascading groups? That's the normal workaround on Enterprise Unix systems like HP-UX and Solaris. Instead of putting everyong in group, do this instead. group:*:100:group1,group2 group1:*:101:user1,user2 group2:*:102:user3, user4 Thus, the users are all transitively in group, and you work around the limit. Mike -- Michael P. Soulier [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Changing maximum number of groups in FBSD - is it feasible?
On Wednesday 07 December 2005 17:41, Ian Moore wrote: Hi, I'm toying with the idea of increasing the maximum number of groups a user can belong to on one of my servers - we have a rather complex organisation and we're hitting the 15 group limit for some people. There seems to be differing opinions on how to do this and if it's actually feasible. One post I found said: in src/sys/sys/syslimits.h there is a constant named 'NGROUPS_MAX'. change it to however many you need (within reason), rebuild/install world and kernel. Another said you have to change all sorts of things in the source, modify a kernel parameter, rebuild world and rebuild any port that uses NGROUPS - which probably means a portupgrade -fa. There is talk of a maxgroups() parameter in the kernel, but NOTES makes no mention of this. I wonder too if some apps would need their own configuration altered to allow them to work with the higher limit. So I just wanted to ask if anyone has successfully raised the NGROUPS_MAX limit, especially when running samba nfs on the system? If not, I'll work around the problem a different way. (BTW I'm running 5.4-RELEASE) Cheers, Ian, Since you are running FreeBSD 5.x, have you considered using ACLs? See the handbook section 14.12. Have you considered cascading groups? That's the normal workaround on Enterprise Unix systems like HP-UX and Solaris. Instead of putting everyong in group, do this instead. group:*:100:group1,group2 group1:*:101:user1,user2 group2:*:102:user3, user4 Thus, the users are all transitively in group, and you work around the limit. Mike Thanks for the suggestions guys. I had considered ACLs as one possible workaround and I'd said to a mate of mine gee, it'd be really good if you could make a group a member of another group, not thinking you actually could do that! That's very handy. Since there doesn't seem to be anyone so far that's saying they have successfully increased the group limit, it looks like I'll be using one of those workarounds Cheers, -- Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc pgpdlQUdmJnl0.pgp Description: PGP signature
