So I am having to solve and re-visit this problem... I've tried various OSes (Solaris10/Opensolaris/MacOSX/Debian) and ngroup_max settings, some work for local filesystems but not over NFSv4.
Has anyone overcome this problem of being limited to 16 groups over NFS?
---------- Post updated at 03:46 PM ---------- Previous update was at 09:37 AM ----------
I've been given a hint to use AUTH_DH: Diffie-Hellman authentication over NFS to achieve more than 16 group permissions...
So I've been trying my hardest but can not get the keys and authentication set up correctly for this to work. My attempt with:
hangs forever! Could someone explain how I set up these authentication keys on the server and client for this to work, please?
I am running NIS, on the NFS server I have in the /etc/dfs/dfstab
On each server and client I've run newkey -h server/client and I've even done this on the NIS master and pumped the keys out using the publickey file. Nothing seems to be working... why? Am I missing out a step here? Help or hints will be appreciated!
One thought is to make absolutely sure you are mounting using NFS Version 4 by specifiying that in the mount line, .e.g:
Or amend /etc/default/nfs to prevent the system dropping back to NFS V3 or V2 (a bit drastic though).
The other suggestion is confirm that the kernel change has been picked up by running:
in order to check what the kernel reports the maximum number of groups to be. Saying that on boot you get a warning message about having more than 16 groups will break with NFS V3 which should be obvious enough.
The increasing of the number of groups is only a case of putting the line into /etc/system, e.g.:
and rebooting, it is not a hack but a long recognised but little used configuration change due to the NFS problem.
Two suggestions:
1. Make an alternative mount point to /mnt, e.g. /mount and try it.
2. Can the NFS server ping the client by name and can the NFS client ping the server by name? If not then either put their names and IP addresses in the each ends hosts files or else put them into the NIS hosts table.
If still no success then what does running:
show you when run on the client?
1. Done this and it does not work (so mount point /mnt is not the problem).
2. Yes, and yes. In fact a normal NFS share (without the sec=dh) shares and mounts (on /mnt) no problems. So I assume it is all to do with keys and AUTH_DH authentication and the mounting method. Anyone got any suggestions on how to do this..?
Recently I did what I was hesitant to do for years, I purged all forum Underground (UG) members who had not been active within a certain period.
We need to change the UG membership criteria (from mod voting) and create a new criteria for UG membership which is not based on "voting" because mods... (13 Replies)
Hi,
As per my knowledge, the maximum number of groups that can be allocated to a folder (in Solaris 10) is 16. But I wonder how this rule is applicable to folders which are mounted on NFS which can be accessed by 100s of groups? or is there is a restriction present? I have never handled such a... (5 Replies)
Discussion started by: poga
5 Replies
3. Post Here to Contact Site Administrators and Moderators
On Solaris, a user is limited to being a member of a maximum of 16 groups. Could someone tell me where this limit comes from, i.e. is it NIS, or Solaris, or NFS that is imposing this limit?
What is the work-around to remove this limitation? (4 Replies)
I have a unix box which runs as a webserver and ftp server. I have a user account for a friend and while I trust him, I noticed that he can view directories above his own "web" folder which is his default directory.
I'm still trying to understand users/groups and privileges so bear with me if... (2 Replies)
Discussion started by: creyc
2 Replies
6. Post Here to Contact Site Administrators and Moderators