NGROUPS limit

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Dec 5 08:56:04 GMT 2008


On Thu, Dec 04, 2008 at 12:10:07PM +0100, miguel.sanders at arcelormittal.com wrote:
> I am experimenting with the new Samba 3.2.4 (currently we
> have 3.0.30 deployed) on our AIX boxes and I am
> experiencing some issues with the OS NGROUPS limit.
> Furthermore, my Windows user has more than 128 group
> memberships (which is the NGROUPS limit for AIX).
> 
> However, in my Samba 3.0.30 environment this is no problem
> whereas in Samba 3.2.4 this poses a problem:
> The log states
> 
> [2008/12/04 12:00:53,  0] lib/util.c:smb_panic(1663)
>   PANIC (pid 553208): sys_setgroups failed
> 
> Any idea on how this different behaviour can be explained?

If we can't tell the kernel about all the groups a user is
member of, it can become a security problem if we continue
if your file system happens to have negative ACLs. So we
just stop. It *is* a problem in 3.0.30, because spurious
access denied errors might happen that should not. It is
just not as obvious.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20081205/b1bdaf80/attachment.bin


More information about the samba-technical mailing list