unpack_nt_owners fails with owner S-1-5-32-544
David Collier-Brown
davec-b at rogers.com
Thu Oct 26 12:29:13 GMT 2006
tridge at samba.org wrote:
> David,
>
> > I was speaking about ACLs for groups, which are limited by the
> > same silly limit on the number of groups: the acl that should
> > let me open the file might refer to my 33rd secondary group
> > out of 32.
>
> I may be being a bit slow, but I still don't understand this.
>
> Do you mean that if you have an ACL containing 33 group ACEs, that a
> user who is a member of less than 32 groups that overlap with that
> list of groups in the ACEs will not get correct behaviour when
> accessing the file?
No, just a group acl for group foo, where foo is the 33rd
out of the 32 I'm allowed by Slolaris/Hockey-PUX/whatever.
>
> I know that if the user is a member of more than 32 groups that the
> list of groups they are a member of is truncated. That however has
> absolutely nothing to do with any ACL code. It results from the fact
> that initgroups()/setgroups() will truncate the list of supplementary
> group ids to fit the fixed sized array in the task structure for the
> process. That happens completely independently of whether any ACL is
> being used at all.
Yes, that's exactly it. It doesn't directly affect ACLs
at all, just limits how **useful** group acls are.
--dave
--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
(416) 223-5943
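The effect discussed in this message, as an added example that is not part of the original thread: a small C model that reports which group ACL entries stop applying once a user's supplementary group list is truncated. The function names, the limit of 32, the keep-the-first-entries truncation order and all gids are assumptions constructed for illustration; real truncation behaviour depends on the OS and libc.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

/* Assumed limit, matching the "33rd out of 32" case in the thread. */
#define DEMO_NGROUPS_LIMIT 32

/* Linear membership test over the first n entries of set. */
static int in_set(const gid_t *set, size_t n, gid_t gid)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == gid)
            return 1;
    return 0;
}

/* db_groups: every group the user belongs to in the group database.
 * Model (assumption): the process keeps only the first `limit` of them.
 * Writes to lost[] each ACL group the user belongs to on paper but
 * which is missing from the truncated credential; returns the count. */
size_t lost_acl_groups(const gid_t *db_groups, size_t n_db, size_t limit,
                       const gid_t *acl_gids, size_t n_acl, gid_t *lost)
{
    size_t kept = n_db < limit ? n_db : limit;
    size_t n_lost = 0;
    for (size_t i = 0; i < n_acl; i++)
        if (in_set(db_groups, n_db, acl_gids[i]) &&
            !in_set(db_groups, kept, acl_gids[i]))
            lost[n_lost++] = acl_gids[i];
    return n_lost;
}

/* Constructed sample: n_db memberships (gids 1000, 1001, ...) and a file
 * ACL naming gids 1005, 1032 and 2000 (the user is not in 2000). */
size_t demo_lost(size_t n_db, gid_t *lost)
{
    gid_t db[64];
    gid_t acl[] = { 1005, 1032, 2000 };
    for (size_t i = 0; i < n_db && i < 64; i++)
        db[i] = (gid_t)(1000 + i);
    return lost_acl_groups(db, n_db, DEMO_NGROUPS_LIMIT, acl, 3, lost);
}

int main(void)
{
    gid_t lost[3];
    size_t n = demo_lost(33, lost);
    for (size_t i = 0; i < n; i++)
        printf("group ACE for gid %lu is ineffective\n", (unsigned long)lost[i]);
    return 0;
}
```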