7 groups bug summary

From: Daryl Crandall (daryl@dash.mitre.org)
Date: Thu Mar 01 1990 - 16:24:41 CST

This a good explanation of the 7 groups bug. I thank all who answered,
especially those that gave a good detailed explanation of the cause and why I
had not experienced the problem.

From: Laura Pearlman <pearlman%moose@rand.org>
Received: by bobcat; Wed, 28 Feb 90 14:52:45 PST
Date: Wed, 28 Feb 90 14:52:45 PST
Message-Id: <9002282252.AA01565@bobcat>
To: daryl%mdf@mwunix.mitre.org
Subject: Re: seven groups bug
Newsgroups: rcc.sunmgrs
In-Reply-To: <4326@tp4.rand.org>
Organization: RAND Corporation, Santa Monica
X-Mdf: daryl <Crandall, Daryl O> re-routed to "daryl@gateway.mitre.org"
Status: RO

> What is this idea of a bug when one is entered in more than seven groups?
> What are the symptoms?

People in more than eight groups will find that their NFS accesses
sometimes fail with the message:

        NFS lookup failed for server <server>: RPC: Authentication error

> What are the causes?

There are two "number of groups" constants in the unix kernel. One is
called NGROUPS, and is the number of groups that a process can be in
at one time. The other is called NGRPS, and is the maximum number of
groups that a system providing rpc services expects in a client
authorization structure. When a client makes a request of a server,
it builds an authentication structure that contains the number of
groups the process requesting the service is in, or the client's own
NGRPS, whichever is smaller. If a server receives an authorization
structure containing more groups than the server's NGRPS, the rpc
service will be denied with an authentication error.

On Suns running 4.0 or later, NGROUPS and NGRPS are both 16. On many
other systems (including pre-4.0 SunOS), NGROUPS and NGRPS are both 8.
If you had, say, some Sun fileservers running 3.5 and others running
4.0.3, you should have problems accessing files on the 3.5 systems
from the 4.0.3 systems, but you shouldn't have problems accessing
files on the 4.0.3 systems from anywhere, and you shouldn't have
problems accessing files on the 3.5 systems from other 3.5 systems.

> This department runs SunOS-4.0.3 on 40 Suns (sun3 sun4 sun4c) and
> I have been listed in 10 groups (see below) for many months and have
> experienced no problems.

Since all of your systems are running 4.0.3 (and thus have the same
NGRPS value), you won't have this problem.

                -- Laura

Thanks to Laura.

        Daryl Crandall
        The MITRE Corporation
        (703) 883-7278

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:05:56 CDT