[Date Prev][Date Next]
Re: posixGroup integrated with linux via nss
Scott Classen wrote:
I have a happily running LDAP installation (2.4.15) running on Fedora 8
with numerous other linux machines using it as a source of authentication
and name services.
I have a problem with group permissions. Most of my groups have less than
10 members, but I have a few super users that need to belong to many groups
(100-200) so that they can help individual users process their data. I can
easily add the super users to each group using ldapmodify or GQ, and when I
type "groups" or "id" in a terminal window as the super user I see that
they belong to all the groups. The problem come when I try to read the
contents of a directory that is owned by one of these secondary groups.
Maybe its a Fedora/Linux thing, but the super user only has read
permissions for the first 16 groups. The super user can not do an "ls -la
What is up with that?
That's a kernel limitation, any process can only belong to up to 16 secondary
Also can anyone recommend another way to achieve the one user/many groups
scenario using LDAP?
This doesn't seem to be an LDAP-specific question.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/