Getting around 16 unix group limitation

David Collier-Brown davecb at
Wed Nov 10 17:32:43 GMT 1999

You wrote:
| Our situation is that users only see the Solaris 2.6 server via
Samba -
| i.e.. no user has telnet or general unix access to the server. Is
there a
| way using Samba to allow users to belong to more than 16 secondary
| groups (i.e. bypassing the underlying unix group limitation). I am
| that you can increase the number of groups in Solaris to 32 by
| parameters but because we also use NIS and NFS this is not a
| solution.

	Hmmn, if this is an nfs server, you're out of luck...

	If it's just a samba server, and the nis master, you
	can apply the 32-groups hack, and the samba users (only)
	will get the benefit.

	Formally, the groups mechanism isn't sufficient for 
	general access control: Multics needed groups AND
	acls to do the job.  Unix removed the complex stuff,
	including the acls, and extended the groups mechanism
	to add back some of what was lost.

	This means that you're effectively stuck with controlling
	access with acls.  Acls, alas, are ugly and hard to understand.
	Even Multics acls were immensely confusing to me...

	Perhaps we might think about providing a better interface
	for the command line: I can make sense of the acls when
	I look at them via File manager File->Properties->
	Show Access List->Add so there's no reason why it shouldn't be 
	as easy to do as a command.  or, since this is the Samba
	list, via a web page reachable from SWAT (;-))

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   |
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at

More information about the samba mailing list