Tuesday, February 2, 2010

NFS and the 16-group limit

I learned something new today: it appears that the underlying authorization mechanism used by NFS limits your group membership to 16 groups. From http://bit.ly/cBhU8N:

NFS is built on ONC RPC (Sun RPC). NFS depends on RPC for authentication and identification of users. Most NFS deployments use an RPC authentication flavor called AUTH_SYS (originally called AUTH_UNIX, but renamed to AUTH_SYS).

AUTH_SYS sends 3 important things:

  • A 32 bit numeric user identifier (what you'd see in the UNIX /etc/passwd file)
  • A 32 bit primary numeric group identifier (ditto)
  • A variable length list of up to 16 32-bit numeric supplemental group identifiers (what you'd see in the /etc/group file)

We ran into this today while diagnosing a weird permissions issue. Who knew?
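To make the limit concrete, here is an added example (not from the quoted article) that XDR-encodes an AUTH_SYS credential body using the `authsys_parms` layout from RFC 5531 (stamp, machine name, uid, gid, `gids<16>`) and checks which groups a server would see. The host name, IDs and the keep-the-first-16 truncation are assumptions for illustration.

```python
import struct

AUTH_SYS_MAX_GROUPS = 16  # gids<16> in authsys_parms (RFC 5531)

def _xdr_string(raw: bytes) -> bytes:
    # XDR string: 4-byte big-endian length, data, zero padding to a 4-byte boundary
    return struct.pack(">I", len(raw)) + raw + b"\x00" * ((4 - len(raw) % 4) % 4)

def encode_authsys(stamp, machine, uid, gid, gids):
    """Return (credential body, gids that did not fit).
    Assumption: the client keeps the first 16 supplemental groups."""
    sent, dropped = list(gids[:AUTH_SYS_MAX_GROUPS]), list(gids[AUTH_SYS_MAX_GROUPS:])
    body = struct.pack(">I", stamp) + _xdr_string(machine.encode())
    body += struct.pack(">II", uid, gid)
    body += struct.pack(">I", len(sent))
    body += b"".join(struct.pack(">I", g) for g in sent)
    return body, dropped

def decode_authsys(body):
    """Parse the credential body the way a server would, enforcing the limit."""
    stamp, name_len = struct.unpack_from(">II", body, 0)
    off = 8
    machine = body[off:off + name_len].decode()
    off += (name_len + 3) & ~3          # skip data plus XDR padding
    uid, gid, count = struct.unpack_from(">III", body, off)
    off += 12
    if count > AUTH_SYS_MAX_GROUPS:
        raise ValueError("AUTH_SYS allows at most 16 supplemental groups")
    gids = list(struct.unpack_from(">%dI" % count, body, off))
    return {"stamp": stamp, "machine": machine, "uid": uid, "gid": gid, "gids": gids}

def server_sees_group(body, file_gid):
    """True if the credential on the wire carries file_gid at all."""
    cred = decode_authsys(body)
    return file_gid == cred["gid"] or file_gid in cred["gids"]

if __name__ == "__main__":
    # Constructed sample: a user with 20 supplemental groups (2001..2020)
    sample_gids = list(range(2001, 2021))
    body, dropped = encode_authsys(0, "client01", 1000, 1000, sample_gids)
    print("bytes on the wire:", len(body))
    print("groups never sent:", dropped)
    print("access via gid 2016:", server_sees_group(body, 2016))
    print("access via gid 2020:", server_sees_group(body, 2020))
```

Comparing the output of `id -G` on the client against the 16 groups that fit is a quick way to confirm this is the cause of a group-permission failure over NFS.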

1 comment:

  1. Whoa. Wes and I just ran into the *same exact thing* just now. Took us forever to figure out what the problem was. Then I googled "nfs group limit", and lo-and-behold, a blog entry on the first page of results, from a mere 10 days ago, from a guy who used to sit in the very office I'm sitting in right now! Small nerdy world, eh? :)