James Youngman wrote: > >> That is usually necessary but not always sufficient, for example see > >> http://blogs.sun.com/peteh/date/20050614 > ... > Precisely; the number of supplementary groups may not be small, yet > the 16-group limit for NFS is very common. An implementation limit > which is almost universal is something for which one can't usefully > say "fix your implementation".
Sure. But it's nothing that affect programs that are run as root and then drop privileges in a particular way. The number of supplementary groups is quite commonly less than 16. In those cases where it is not, the users will notice that also with regular "cp" and "cat" commands they cannot access the files to which they should have access, and will reduce the number of their supplementary groups. So this is a problem that system administrators who assign groups to users need to worry about. But programs that drop privileges will hardly stumble into this problem, except if they want to add particular groups and the user is already at the limit of 16 supplementary groups. Bruno
