WARNING to those running Samba on OpenIndiana or other Illumos based systems with > 16 groups

Andrew Bartlett abartlet at samba.org
Tue Apr 23 18:31:20 MDT 2013


Just a heads-up, because this bug took me absolutely ages to chase down,
and I want to save others the same pain.

Samba is perhaps the most prominent reason why you might find a user in
more than 16 groups on a Unix system, and so this bug may at first
appear to be a 'Samba issue' (that certainly is why it found it's way to
my attention :-)

https://www.illumos.org/issues/3691

In short, unless the group list we supply to setgroups() is sorted, if
there are more than 16 groups, the Illumos kernel fails to honour some
of the groups.  Presumably there is a bisection search being done. 

The symptom for Samba users is that as a user is added to more groups,
they loose access to folders they previously had access too. 

Attached is a total hack that appears to resolve the issue, but the real
fix needs to be in glibc or the kernel. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: setgroups.patch
Type: text/x-patch
Size: 1954 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130424/8de0ad4e/attachment.bin>


More information about the samba-technical mailing list