unpack_nt_owners fails with owner S-1-5-32-544

David Collier-Brown davec-b at rogers.com
Thu Oct 26 12:29:13 GMT 2006

tridge at samba.org wrote:
> David,
>  > 	I was speaking about ACLs for groups, which are limited by the
>  > 	same silly limit on the number of groups: the acl that should
>  > 	let me open the file might refer to my 33rd secondary group
>  > 	out of 32.
> I may be being a bit slow, but I still don't understand this.
> Do you mean that if you have a ACL containing 33 group ACEs, that a
> user who is a member of less than 32 groups that overlap with that
> list of groups in the ACEs will not get correct behaviour when
> accessing the file?

	No, just a group acl for group foo, where foo is the 33d
	out of the 32 I'm allowed by Slolaris/Hockey-PUX/whatever.
> I know that if the user is a member of more than 32 groups that the
> list of groups they are a member of is truncated. That however has
> absolutely nothing to do with any ACL code. It results from the fact
> that initgroups()/setgroups() will truncate the list of supplementary
> group ids to fit the fixed sized array in the task structure for the
> process. That happens completely independently of whether any ACL is
> being used at all.
	Yes, that's exactly it.  It doesn't directly affect ACLs
	at all, just limits how **useful** group acls are.

David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net           |                      -- Mark Twain
(416) 223-5943

More information about the samba-technical mailing list