NFS 16 groups limit

oweinmann
Hi,

We have come to a point where we can no longer use NFS if there is this 16 group limit. I read a few articles on the net to overcome this issue, but using NFSv4 with Kerberos or ACLs is not possible since we are still running a lot of SLES9 and Solaris 8 installations. Any other ideas? We are using mixed security since a few very very old programs really rely on Unix security, while all documents are written in Microsoft Office, so we also need NTFS security. It's a really really special environment where development is carried out on Linux/Unix and the documentation is done on Windows PCs.

Any help or ideas would be appreciated.

oweinmann
Oliver Weinmann wrote:

Hi,

We have come to a point where we can no longer use NFS if there is this 16 group limit. I read a few articles on the net to overcome this issue, but using NFSv4 with Kerberos or ACLs is not possible since we are still running a lot of SLES9 and Solaris 8 installations. Any other ideas? We are using mixed security since a few very very old programs really rely on Unix security, while all documents are written in Microsoft Office, so we also need NTFS security. It's a really really special environment where development is carried out on Linux/Unix and the documentation is done on Windows PCs.

Any help or ideas would be appreciated.

After a long time I started investigating NFSv4 with SLES11 and Ubuntu 10.04. With NFSv4, 32 groups are supported. Currently it is working without Kerberos, but using nfs4_getfacl doesn't correctly list the permissions.

Creating a file as user oweinmann:

oweinmann@ubuntutest:/mnt/nfsv4test$ touch file_oweinmann
oweinmann@ubuntutest:/mnt/nfsv4test$ ls -al
total 16
drwxr-xr-x 5 oweinmann domain users 4096 2011-11-14 09:52 .
drwxr-xr-x 4 root      root            0 2011-11-14 09:51 ..
-rw-r--r-- 1 oweinmann domain users    0 2011-11-14 09:52 file_oweinmann

POSIX ACL looks fine. But I would expect the NFSv4 ACL to reflect this as well:

root@ubuntutest:/mnt/nfsv4test# nfs4_getfacl /mnt/nfsv4test
A::OWNER@:rwaDxtTnNcCy
D::OWNER@:
A:g:GROUP@:rxtncy
D:g:GROUP@:waDTC
A::EVERYONE@:rxtncy
D::EVERYONE@:waDTC

Do I need Kerberos in order for the ACL to show up correctly?

Regards,

Oliver
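
The nfs4_getfacl listing above, decoded: an added example that is not part of the original post. It parses the `type:flags:principal:permissions` ACE lines and folds the OWNER@/GROUP@/EVERYONE@ entries back into mode bits. Permission letters follow nfs4_acl(5); the per-class first-match evaluation is a simplification, and the function names are hypothetical.

```python
# Added example: decode nfs4_getfacl ACE lines into rwx mode bits.
# Letters per nfs4_acl(5): r read, w write, a append, x execute, d delete,
# D delete-child, t/T read/write attrs, n/N read/write named attrs,
# c/C read/write ACL, o write-owner, y synchronize.
PERM_LETTERS = set("rwaxdDtTnNcCoy")

# The listing from the post (run on the directory /mnt/nfsv4test).
SAMPLE = """\
A::OWNER@:rwaDxtTnNcCy
D::OWNER@:
A:g:GROUP@:rxtncy
D:g:GROUP@:waDTC
A::EVERYONE@:rxtncy
D::EVERYONE@:waDTC
"""

def parse_acl(text):
    """Return a list of (type, flags, principal, perms) tuples."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)          # perms may be empty (D::OWNER@:)
        if len(parts) != 4 or parts[0] not in ("A", "D", "U", "L"):
            raise ValueError(f"not an ACE: {line!r}")
        if set(parts[3]) - PERM_LETTERS:
            raise ValueError(f"unknown permission letter in {line!r}")
        aces.append(tuple(parts))
    return aces

def effective(aces, who):
    """Allowed letters for OWNER@, GROUP@ or EVERYONE@ (simplified)."""
    allowed, decided = set(), set()
    for ace_type, _flags, principal, perms in aces:
        if ace_type not in ("A", "D") or principal not in (who, "EVERYONE@"):
            continue
        for p in perms:
            if p not in decided:            # first ACE naming a bit wins
                decided.add(p)
                if ace_type == "A":
                    allowed.add(p)
    return allowed

def mode_string(aces):
    """Fold the three special principals into an ls-style rwx string."""
    out = ""
    for who in ("OWNER@", "GROUP@", "EVERYONE@"):
        ok = effective(aces, who)
        out += "r" if "r" in ok else "-"
        out += "w" if {"w", "a"} <= ok else "-"   # write needs w and a
        out += "x" if "x" in ok else "-"
    return out

if __name__ == "__main__":
    print(mode_string(parse_acl(SAMPLE)))
```

For the listing in the post this prints rwxr-xr-x, the same mode that ls shows for the directory the command was run on.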
