Network Storage Protocols Discussions

NFS 16 groups limit

oweinmann

Hi,

we have come to a point where we can no longer use NFS if there is this 16 group limit. I read a few articles on the net to overcome this issue but using NFSv4 with Kerberos or ACL is not possible since we are still running a lot of SLES9 and Solaris 8 installations. Any other ideas? We are using mixed security since a few very very old programs really rely on unix security while all documents are written in microsoft office so we also need NTFS security. It's a really really special environment where development is carried out on Linux/Unix and the documentation is done on Windows PC's.

Any help or ideas would be appreciated.

1 REPLY 1

oweinmann

Oliver Weinmann schrieb:

Hi,

we have come to a point where we can no longer use NFS if there is this 16 group limit. I read a few articles on the net to overcome this issue but using NFSv4 with Kerberos or ACL is not possible since we are still running a lot of SLES9 and Solaris 8 installations. Any other ideas? We are using mixed security since a few very very old programs really rely on unix security while all documents are written in microsoft office so we also need NTFS security. It's a really really special environment where development is carried out on Linux/Unix and the documentation is done on Windows PC's.

Any help or ideas would be appreciated.

Oliver Weinmann schrieb:

Hi,

we have come to a point where we can no longer use NFS if there is this 16 group limit. I read a few articles on the net to overcome this issue but using NFSv4 with Kerberos or ACL is not possible since we are still running a lot of SLES9 and Solaris 8 installations. Any other ideas? We are using mixed security since a few very very old programs really rely on unix security while all documents are written in microsoft office so we also need NTFS security. It's a really really special environment where development is carried out on Linux/Unix and the documentation is done on Windows PC's.

Any help or ideas would be appreciated.

After a long time I started investigating NFSv4 with SLES11 and Ubuntu 10.04. With NFSv4 32 groups are supported. Currently it is working without kerberos but using nfs4_getfacl doesn't correctly list the permissions.

creaing a file as user oweinmann:

oweinmann@ubuntutest:/mnt/nfsv4test$ touch file_oweinmann

oweinmann@ubuntutest:/mnt/nfsv4test$ ls -al

total 16

drwxr-xr-x 5 oweinmann domain users 4096 2011-11-14 09:52 .

drwxr-xr-x 4 root      root            0 2011-11-14 09:51 ..

-rw-r--r-- 1 oweinmann domain users    0 2011-11-14 09:52 file_oweinmann

Posix ACL looks fine. But I would expect the nfsv4 acl to reflect this as well:

root@ubuntutest:/mnt/nfsv4test# nfs4_getfacl /mnt/nfsv4test

A::OWNER@:rwaDxtTnNcCy

D::OWNER@:

A:g:GROUP@:rxtncy

D:g:GROUP@:waDTC

A::EVERYONE@:rxtncy

D::EVERYONE@:waDTC

Do I need kerberos in order for the ACL to show up correctly?

Regards,

Oliver

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public