unpack_nt_owners fails with owner S-1-5-32-544

David Collier-Brown davec-b at rogers.com
Wed Oct 25 19:03:16 GMT 2006

tridge at samba.org wrote:
>  >    Non-Linux systems still have the silly limitations on the number of
>  > groups one can belong to, so **do** set both in the acl: even with
>  > the limits it preserves correctness.
> I know that silly setgroups() limitation is annoying, but I can't
> actually see how it applies at all in this case, or how it affects
> correctness in ACLs. We don't do setgroups() when evaluating an ACL,
> and neither does the kernel. 

	I was speaking about ACLs for groups, which are limited by the
	same silly limit on the number of groups: the acl that should
	let me open the file might refer to my 33rd secondary group
	out of 32.

	ACLs on users, on the other hand, scale **in that dimension**
	without limits.

	Alas, the number of ACEs looks like a scalability problem
	in a different dimension, and may well be a good reason
	to not do it...  sigh (;-))

ps: Jeremy's solution is the correct one: remove the limit!
     I'm still on the interest list for that bug...
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net           |                      -- Mark Twain
(416) 223-5943

More information about the samba-technical mailing list