sys_setgroups in samba-3.3.X fails, cause a panic

miguel.sanders at miguel.sanders at
Fri Aug 7 03:10:29 MDT 2009


I experienced the same for AIX (NGROUPS_MAX=128) and I just commented the panic call and changed it to a debug message. 
FYI the panic call is in sec_ctx.c on line 260

Met vriendelijke groet
Best regards
Bien à vous

ArcelorMittal Gent

UNIX Systems & Storage
IT Supply Western Europe | John Kennedylaan 51
B-9042 Gent

T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023
E miguel.sanders at

-----Oorspronkelijk bericht-----
Van: samba-technical-bounces at [mailto:samba-technical-bounces at] Namens Zhou Weikuan
Verzonden: vrijdag 7 augustus 2009 5:19
Aan: samba-technical
Onderwerp: sys_setgroups in samba-3.3.X fails, cause a panic

Hi All,
Samba-3.3 updates source3/smbd/sec_ctx.c, checks the return value of sys_setgroups, panic if sys_setgroups fails. This is OK for linux platforms, because from linux-2.6.4, NGROUP_MAX in linux support at most 65535 groups(32 groups before linux-2.6.4), it should be enough for most cases. But for Solaris, this has a much more possibility to cause a panic, solaris only support at most 16 groups.
There must be some reasons that samba should check the return value and panic if fails, yet the commit doesn't shed enough information. Does anyone here like to help me understand what is the problem if we still follow the original way to handle failure of sys_setgroup? Why is the failure so severe that we must panic instead of any other handlings. Could we switch to other methods? For example, check the number of groups first, and if it exceeds the limit NGROUP_MAX, just truncate the groups and then call sys_setgroups? 


Zhou Weikuan 

This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights. 
If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited. 
Arcelormittal shall not be liable for the message if altered, falsified, or in case of error in the recipient. 
This message does not constitute any right or commitment for ArcelorMittal except when expressly agreed otherwise in writing in a separate agreement.  

More information about the samba-technical mailing list