[email protected] (Edgar =?iso-8859-1?B?RnXf?=) writes: >> Of course. But will it do what you want? >I don't understand your concerns.
>My intention was to let the NFS client run the modified kernel with a raised >group limit. Then, the process in question will be a member of more than 16 >secondary groups which will enable it to access files readable for these >groups, be it on NFS or not. That's not true. >Where is the NFS server involved? Enforcing >access limits is the client's business, isn't it? The standard method is to use AUTH_UNIX for authentication of the underlying SunRPC protocol. That method sends UID/GID and the GID list from the client to the server which evaluates them. The SunRPC protocol can transmit a list of 16 GIDs. If the kernel keeps a longer list, it gets truncated. You could patch the RPC code to use a larger list, but that is incompatible with other NFS implementations and you need to modify client and server. The alternative is to use something instead of AUTH_UNIX. Do you volunteer to implement it (or port FreeBSD's NFS code) ?
