[OmniOS-discuss] group membership trouble (ngroups_max)

Tobias Oetiker tobi at oetiker.ch
Mon Jun 10 05:17:04 EDT 2013


Folks,

We are trying to implement a fileserver using OmniOS. The customer
has been on Linux until now, but ZFS seems VERY tempting.

The first problem we ran into is that OmniOS seems to limit the
number of groups per user to 16 by default. Setting ngroups_max to
128 in /etc/system seemed to take care of this.

Today we tried to 'go live' and had to abort because the system was
behaving erratically. Users who clearly do belong to a certain
group were refused access to a directory. While other users with a
slightly different (larger) set of group memberships could access
the directory just fine.

We will be happy to take out a support contract with OmniTI if this
will help us get the system to work as a file server for a user
population with up to 40 group memberships per person.

Below is some 'evidence':
----------------------------------------
elliott at fugu:/share>/bin/uname -a
SunOS fugu 5.11 omnios-d3950d8 i86pc i386 i86pc

----------------------------------------
elliott at fugu:/share>cat /etc/release
  OmniOS v11 r151006
  Copyright 2012-2013 OmniTI Computer Consulting, Inc. All rights
  reserved.
  Use is subject to license terms.

----------------------------------------
elliott at fugu:/share>/bin/id -a
uid=18204(elliott) gid=18904(speag) groups=18904(speag),18900(itis),18901(itis_ad),18906(speag_ad),18907(net_ad),18908(speag_sc),18909(lists),18910(models),18912(zmt),18916(isar_core),18021(support),18023(korea),18026(itis_temp),18030(netstor5_users),18031(netstor4_timemachine),18033(tmc_speag),18917(vpn),18036(netstor5_admin),18046(fugu-admins),18062(sandbox),18075(support-bldg),18076(support-it)

---------------------------------------
elliott at fugu:/share>/bin/ls itis-test
itis-test: Permission denied

---------------------------------------
elliott at fugu:/share>/bin/ls -dlv itis-test
drwxr-x---   2 root     itis           2 Jun 10 09:47 itis-test
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/read_attributes
         /write_attributes/read_acl/write_acl/write_owner/synchronize:allow
     1:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     2:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow

---------------------------------------
elliott at fugu:/share>/bin/ls -lv itis-admin
itis-admin: Permission denied

---------------------------------------
elliott at fugu:/share>/bin/ls -dlv itis-admin
drwxrws---+  4 root     itis-admin       7 Jun 10 09:05 itis-admin
     0:group:fugu-admins:list_directory/read_data/read_xattr/execute
         /read_attributes/read_acl:allow
     1:group:itis:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl:allow
     2:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/read_attributes
         /write_attributes/read_acl/write_acl/write_owner/synchronize:allow
     3:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/execute/read_attributes/read_acl
         /synchronize:allow
     4:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow


-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900
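
An added example, not part of the original message: it parses the `id -a` and `ls -dlv itis-test` output pasted above, counts the group memberships against the default limit of 16 the message mentions, and computes what the ACL should grant, so the result can be compared with the observed "Permission denied". The function names and the simplified evaluation rule (the first matching entry that names the permission decides) are assumptions.

```python
import re

DEFAULT_NGROUPS = 16  # default per-user group limit stated in the message
# Sample input copied from the message's `id -a` and `ls -dlv itis-test` output.
ID_OUT = ("uid=18204(elliott) gid=18904(speag) groups=18904(speag),18900(itis),"
          "18901(itis_ad),18906(speag_ad),18907(net_ad),18908(speag_sc),18909(lists),"
          "18910(models),18912(zmt),18916(isar_core),18021(support),18023(korea),"
          "18026(itis_temp),18030(netstor5_users),18031(netstor4_timemachine),"
          "18033(tmc_speag),18917(vpn),18036(netstor5_admin),18046(fugu-admins),"
          "18062(sandbox),18075(support-bldg),18076(support-it)")
ACL_OUT = """
0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
    /append_data/read_xattr/write_xattr/execute/read_attributes
    /write_attributes/read_acl/write_acl/write_owner/synchronize:allow
1:group@:list_directory/read_data/read_xattr/execute/read_attributes
    /read_acl/synchronize:allow
2:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
"""

def parse_id(text):
    """Return (user name, list of group names) from `id -a` output."""
    user = re.search(r"uid=\d+\(([^)]+)\)", text).group(1)
    return user, re.findall(r"\d+\(([^)]+)\)", text.split("groups=", 1)[1])

def parse_acl(text):
    """Return [(who, permission set, 'allow'|'deny')], joining wrapped lines."""
    joined = re.sub(r"\s*\n\s*/", "/", text.strip())
    rows = [line.strip().split(":")[1:] for line in joined.splitlines()]
    return [(":".join(f[:-2]), set(f[-2].split("/")), f[-1]) for f in rows]

def expected_access(acl, owner, owning_group, user, groups, perm):
    """Assumed simplified rule: first matching entry naming perm decides."""
    for who, perms, kind in parse_acl(acl):
        hit = (who == "everyone@" or (who == "owner@" and user == owner)
               or (who == "group@" and owning_group in groups)
               or who == "user:" + user
               or (who.startswith("group:") and who[6:] in groups))
        if hit and perm in perms:
            return kind == "allow"
    return False  # no entry grants the permission

def report(id_out, acl, owner, owning_group, perm="list_directory"):
    user, groups = parse_id(id_out)
    return {"user": user, "ngroups": len(groups),
            "over_default": len(groups) > DEFAULT_NGROUPS,
            "expected": expected_access(acl, owner, owning_group, user, groups, perm)}

if __name__ == "__main__":
    print(report(ID_OUT, ACL_OUT, "root", "itis"))
```

The owner `root` and owning group `itis` passed to `report` come from the `ls -dlv itis-test` line in the message.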
