unpack_nt_owners fails with owner S-1-5-32-544
David Collier-Brown
davec-b at rogers.com
Wed Oct 25 19:03:16 GMT 2006
tridge at samba.org wrote:
> > Non-Linux systems still have the silly limitations on the number of
> > groups one can belong to, so **do** set both in the acl: even with
> > the limits it preserves correctness.
>
> I know that silly setgroups() limitation is annoying, but I can't
> actually see how it applies at all in this case, or how it affects
> correctness in ACLs. We don't do setgroups() when evaluating an ACL,
> and neither does the kernel.
I was speaking about ACLs for groups, which are limited by the
same silly limit on the number of groups: the acl that should
let me open the file might refer to my 33rd secondary group
out of 32.
ACLs on users, on the other hand, scale **in that dimension**
without limits.
Alas, the number of ACEs looks like a scalability problem
in a different dimension, and may well be a good reason
to not do it... sigh (;-))
--dave
ps: Jeremy's solution is the correct one: remove the limit!
I'm still on the interest list for that bug...
--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
(416) 223-5943
More information about the samba-technical
mailing list