WARNING to those running Samba on OpenIndiana or other Illumos based systems with > 16 groups

Andrew Bartlett abartlet at samba.org
Tue Apr 23 18:31:20 MDT 2013

Just a heads-up, because this bug took me absolutely ages to chase down,
and I want to save others the same pain.

Samba is perhaps the most prominent reason why you might find a user in
more than 16 groups on a Unix system, and so this bug may at first
appear to be a 'Samba issue' (that certainly is why it found it's way to
my attention :-)


In short, unless the group list we supply to setgroups() is sorted, if
there are more than 16 groups, the Illumos kernel fails to honour some
of the groups.  Presumably there is a bisection search being done. 

The symptom for Samba users is that as a user is added to more groups,
they loose access to folders they previously had access too. 

Attached is a total hack that appears to resolve the issue, but the real
fix needs to be in glibc or the kernel. 

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: setgroups.patch
Type: text/x-patch
Size: 1954 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130424/8de0ad4e/attachment.bin>

More information about the samba-technical mailing list