Hello,
I have a Sun 7000 series NAS device, I am trying to back it up via NFS mount on a Solaris 10 server running Networker 7.6.1. It works but it is extremely slow, I have tested other mounts and they work much faster. The only difference (that I can see) between the two mounts is the underlying file system, zfs vs ufs. Any thoughts to speed up the backup of the Sun 7000 nfs mount?
Thank you.
Mike MacNeil
Global IT Infrastructure
Hi,
Is it possible to run both CIFS and NFS on one file system over ZFS?
Thanks.
Fred
On Sat, Mar 12, 2011 at 7:42 PM, Fred Liu <Fred_Liu at issi.com> wrote:
> Hi,
>
> Is it possible to run both CIFS and NFS on one file system over ZFS?
>
> Thanks.
>
> Fred
Yes, but managing permissions in that scenario is generally a nightmare. If you're using NFSv4 with AD integration, it's a bit more manageable, but it's still definitely a work in progress.
--Tim
Tim,
Thanks.
Is there a mapping mechanism like what DataOnTap does to map the permission/acl between NIS/LDAP and AD?
Thanks.
Fred
From: Tim Cook [mailto:tim at cook.ms]
Sent: ???, ?? 13, 2011 9:53
To: Fred Liu
Cc: zfs-discuss at opensolaris.org
Subject: Re: [zfs-discuss] dual protocal on one file system?
On Sat, Mar 12, 2011 at 7:42 PM, Fred Liu <Fred_Liu at issi.com> wrote:
Hi,
Is it possible to run both CIFS and NFS on one file system over ZFS?
Thanks.
Fred
Yes, but managing permissions in that scenario is generally a nightmare. If you're using NFSv4 with AD integration, it's a bit more manageable, but it's still definitely a work in progress.
--Tim
2011/3/12 Fred Liu <Fred_Liu at issi.com>
> Tim,
>
> Thanks.
>
> Is there a mapping mechanism like what DataOnTap does to map the permission/acl between NIS/LDAP and AD?
>
> Thanks.
>
> Fred
>
> *From:* Tim Cook [mailto:tim at cook.ms]
> *Sent:* ???, ?? 13, 2011 9:53
> *To:* Fred Liu
> *Cc:* zfs-discuss at opensolaris.org
> *Subject:* Re: [zfs-discuss] dual protocal on one file system?
>
> On Sat, Mar 12, 2011 at 7:42 PM, Fred Liu <Fred_Liu at issi.com> wrote:
>
> Hi,
>
> Is it possible to run both CIFS and NFS on one file system over ZFS?
>
> Thanks.
>
> Fred
>
> Yes, but managing permissions in that scenario is generally a nightmare. If you're using NFSv4 with AD integration, it's a bit more manageable, but it's still definitely a work in progress.
>
> --Tim
Yes.
http://www.unix.com/man-page/OpenSolaris/1m/idmap/
--Tim
> From: zfs-discuss-bounces at opensolaris.org [mailto:zfs-discuss-bounces at opensolaris.org] On Behalf Of Mike MacNeil
>
> I have a Sun 7000 series NAS device, I am trying to back it up via NFS mount on a Solaris 10 server running Networker 7.6.1. It works but it is extremely slow, I have tested other mounts and they work much faster. The only difference (that I can see) between the two mounts are the underlying file system zfs vs ufs. Any thoughts to speed up the backup of the Sun 7000 nfs mount?
If possible, backup via zfs send | zfs receive instead. It's about a million times faster than anything else in the world.
If you have to backup over nfs, be sure to explicitly exclude the .zfs directory.
Aside from that, I'm not aware of any reason nfs (read-only operations) would be slow on zfs instead of ufs. I have plenty of zfs-backed nfs services that run and perform well. Perhaps there's a strange incompatibility between the networker nfs client, and the nfs server? You might do some packet sniffing just to see what operations are taking a long time.
> From: zfs-discuss-bounces at opensolaris.org [mailto:zfs-discuss-
>
> Is it possible to run both CIFS and NFS on one file system over ZFS?
Yes. I do.
> From: zfs-discuss-bounces at opensolaris.org [mailto:zfs-discuss-bounces at opensolaris.org] On Behalf Of Fred Liu
>
> Is there a mapping mechanism like what DataOnTap does to map the permission/acl between NIS/LDAP and AD?
There are a lot of solutions available. But if you don't already have a solution in hand, you can certainly waste a lot of time figuring it all out. Here's what I do:
Solaris server used Kerberos to authenticate against AD.
I use NIS (could use LDAP) to maintain a consistent mapping of UID/GID/other posix information. This could be either linux/solaris/or windows AD server.
Set up time sync so you're always in-sync with AD time.
You can enable nfs by setting the sharenfs property on the filesystem, or by editing dfstab (and running the share command)
You could use the built-in cifs server, but I prefer samba. Join the AD domain with samba (net join)... Use DOMAIN or ADS.
On Mar 12, 2011, at 20:59, Tim Cook wrote:
> 2011/3/12 Fred Liu <Fred_Liu at issi.com>
>
>> Tim,
>>
>> Thanks.
>>
>> Is there a mapping mechanism like what DataOnTap does to map the permission/acl between NIS/LDAP and AD?
>
> Yes.
> http://www.unix.com/man-page/OpenSolaris/1m/idmap/
This appears to be only for OpenSolaris/Solaris 11, and not Solaris 10. Or am I missing something?
Some good information on the (Open)Solaris CIFS server, and AD integration, is available at:
http://blogs.sun.com/timthomas/entry/a_quick_look_solaris_cifs
http://blogs.sun.com/nico/entry/dealing_with_windows_sids_in
http://blogs.sun.com/wdp/entry/windows_interoperability
(Hopefully blogs.sun.com will be archived some place when sun.com is "decommissioned" on June 1.)
On Mar 13, 2011, at 11:15 AM, David Magda wrote:
> On Mar 12, 2011, at 20:59, Tim Cook wrote:
>
>> 2011/3/12 Fred Liu <Fred_Liu at issi.com>
>>
>>> Tim,
>>>
>>> Thanks.
>>>
>>> Is there a mapping mechanism like what DataOnTap does to map the permission/acl between NIS/LDAP and AD?
>>
>> Yes.
>> http://www.unix.com/man-page/OpenSolaris/1m/idmap/
>
> This appears to be only for OpenSolaris/Solaris 11, and not Solaris 10. Or am I missing something?
Correct. The in-kernel CIFS service is not ported to Solaris 10. For a Solaris 10 solution, you need to use Samba.
> Some good information on the (Open)Solaris CIFS server, and AD integration, is available at:
>
> http://blogs.sun.com/timthomas/entry/a_quick_look_solaris_cifs
> http://blogs.sun.com/nico/entry/dealing_with_windows_sids_in
> http://blogs.sun.com/wdp/entry/windows_interoperability
>
> (Hopefully blogs.sun.com will be archived some place when sun.com is "decommissioned" on June 1.)
Hopefully...
-- richard
> From: zfs-discuss-bounces at opensolaris.org [mailto:zfs-discuss-bounces at opensolaris.org] On Behalf Of Richard Elling
>
> >> Yes.
> >> http://www.unix.com/man-page/OpenSolaris/1m/idmap/
> >
> > This appears to be only for OpenSolaris/Solaris 11, and not Solaris 10. Or am I missing something?
>
> Correct. The in-kernel CIFS service is not ported to Solaris 10. For a Solaris 10 solution, you need to use Samba.
Just for clarity:
The in-kernel CIFS service is indeed available in solaris 10. But idmap is not.
I think Richard is saying if you want to have a consistent directory mapping across multiple machines (which is usually necessary if you're sharing both cifs and nfs) then in solaris 10 you need to use samba. It's not that in-kernel cifs isn't available, it's that idmap isn't available.
On 14/03/11 11:13 PM, Edward Ned Harvey wrote:
>> From: zfs-discuss-bounces at opensolaris.org [mailto:zfs-discuss-bounces at opensolaris.org] On Behalf Of Richard Elling
>>
>>>> Yes.
>>>> http://www.unix.com/man-page/OpenSolaris/1m/idmap/
>>>
>>> This appears to be only for OpenSolaris/Solaris 11, and not Solaris 10. Or am I missing something?
>>
>> Correct. The in-kernel CIFS service is not ported to Solaris 10. For a Solaris 10 solution, you need to use Samba.
>
> Just for clarity:
> The in-kernel CIFS service is indeed available in solaris 10.
Are you really, really sure about that? Please point the RFE number which tracks the inclusion in a Solaris 10 Update.
I'd also like to know where you're getting your information from on this topic.
James C. McPherson
--
Oracle
http://www.jmcp.homeunix.com/blog
> From: James C. McPherson [mailto:jmcp at opensolaris.org]
> Sent: Monday, March 14, 2011 9:20 AM
>
> > Just for clarity:
> > The in-kernel CIFS service is indeed available in solaris 10.
>
> Are you really, really sure about that? Please point the RFE number which tracks the inclusion in a Solaris 10 Update.
>
> I'd also like to know where you're getting your information from on this topic.
Really really sure? No, because I don't use it. I wouldn't stake my life on the man page being error-free. But I do know this:
I have a solaris 10u8 box I'm logged into right now. man zfs shows that sharesmb is available as an option. I suppose I could be wrong, if either the man page is wrong, or if I'm incorrectly assuming the zfs sharesmb property uses the in-kernel cifs daemon.
On 14/03/11 11:26 PM, Edward Ned Harvey wrote:
>> From: James C. McPherson [mailto:jmcp at opensolaris.org]
>> Sent: Monday, March 14, 2011 9:20 AM
>>
>>> Just for clarity:
>>> The in-kernel CIFS service is indeed available in solaris 10.
>>
>> Are you really, really sure about that? Please point the RFE number which tracks the inclusion in a Solaris 10 Update.
>>
>> I'd also like to know where you're getting your information from on this topic.
>
> Really really sure? No, because I don't use it. I wouldn't stake my life on the man page being error-free. But I do know this:
>
> I have a solaris 10u8 box I'm logged into right now. man zfs shows that sharesmb is available as an option. I suppose I could be wrong, if either the man page is wrong, or if I'm incorrectly assuming the zfs sharesmb property uses the in-kernel cifs daemon.
That's a big leap to make. On my Solaris 11 system I see this:
    $ svcs \*smb\*
    STATE          STIME    FMRI
    online         Mar_11   svc:/network/smb/client:default
    online         Mar_11   svc:/network/shares/group:smb
    online         Mar_11   svc:/network/smb/server:default
I seriously doubt you'll see anything similar on your S10U8 system.
http://download.oracle.com/docs/cd/E19253-01/816-5166/6mbb1kqo8/index.html
quote::
# nbmand....
This SMB related property is not fully functional in the Oracle Solaris 10 release because the Oracle Solaris SMB server is not supported in the Oracle Solaris 10 release.
...
# sharesmb....
Note that the Oracle Solaris SMB service is not supported in the Oracle Solaris 10 release.
...
::endquote
James C. McPherson
On Mon, Mar 14, 2011 at 9:26 AM, Edward Ned Harvey <opensolarisisdeadlongliveopensolaris at nedharvey.com> wrote:
> I have a solaris 10u8 box I'm logged into right now. man zfs shows that sharesmb is available as an option. I suppose I could be wrong, if either the man page is wrong, or if I'm incorrectly assuming the zfs sharesmb property uses the in-kernel cifs daemon.
I made the same (incorrect) assumption months ago.
The data structure is there in ZFS to support the CIFS server, but the kernel support is NOT in Solaris 10. There is an excellent blog entry (which I do not have a link to at the moment) which explains why. Essentially it comes down to the CIFS server being a kernel layer module and the Solaris 10 kernel not having enough understanding of CIFS (AD) security. That functionality was added to the kernel with Solaris 11 (and is a big enough change that it will not be back ported into the Solaris 10 kernel).
--
{--------1---------2---------3---------4---------5---------6---------7---------}
Paul Kraus
-> Senior Systems Architect, Garnet River ( http://www.garnetriver.com/ )
-> Sound Coordinator, Schenectady Light Opera Company ( http://www.sloctheater.org/ )
-> Technical Advisor, RPI Players
> From: Paul Kraus [mailto:paul at kraus-haus.org]
>
> > I have a solaris 10u8 box I'm logged into right now. man zfs shows that sharesmb is available as an option. I suppose I could be wrong, if either the man page is wrong, or if I'm incorrectly assuming the zfs sharesmb property uses the in-kernel cifs daemon.
>
> I made the same (incorrect) assumption months ago.
>
> The data structure is there in ZFS to support the CIFS server, but the kernel support is NOT in Solaris 10. There is an excellent blog entry (which I do not have a link to at the moment) which explains why. Essentially it comes down to the CIFS server being a kernel layer module and the Solaris 10 kernel not having enough understanding of CIFS (AD) security. That functionality was added to the kernel with Solaris 11 (and is a big enough change that it will not be back ported into the Solaris 10 kernel).
So if you were to enable the sharesmb property on a zfs filesystem in sol10, you just get an error or something?
I don't want to test it on my live system, nor do I want to go to the effort of building a VM just to test this... Nor would I use it, even if it did work. ;-) But I'm curious.
On Mon, Mar 14, 2011 at 9:26 PM, Edward Ned Harvey <opensolarisisdeadlongliveopensolaris at nedharvey.com> wrote:
> So if you were to enable the sharesmb property on a zfs filesystem in sol10, you just get an error or something?
Nope. The command succeeds and the flag gets set on the dataset. Since there is no kernel process to read the flag and act on it, nothing happens (at least, that is my experience).
> I don't want to test it on my live system, nor do I want to go to the effort of building a VM just to test this... Nor would I use it, even if it did work. ;-) But I'm curious.
Oh, I *wanted* it to work, and can't wait for S11 to actually be able to use it in production (the shop I work in does not use OpenSolaris or Solaris Express in production).
--
Paul Kraus
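A check for the silent no-op described in the message above, as an added example that is not part of the thread: it lists datasets whose sharesmb property is set while the SMB server service is not online. The function names and the sample data are constructed; the live wrapper assumes `zfs get -H -o name,value sharesmb` and `svcs -H -o state` on the FMRI shown earlier in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# unserved_smb_shares STATE
#   stdin: lines of "dataset<TAB>value" as printed by
#          `zfs get -H -o name,value sharesmb`
#   STATE: state of svc:/network/smb/server:default, or "absent" when the
#          service does not exist (the Solaris 10 case in the thread).
# Prints each dataset whose sharesmb flag is set although nothing serves it.
unserved_smb_shares() {
    smb_state=$1
    if [ "$smb_state" = "online" ]; then
        cat >/dev/null      # service is running: the property is acted on
        return 0
    fi
    # "off" is the default; "-" marks datasets the property does not apply to.
    awk -F '\t' '$2 != "" && $2 != "off" && $2 != "-" { print $1 }'
}

# Live wrapper (hypothetical name): gathers both inputs on the host itself.
audit_smb_shares() {
    state=$(svcs -H -o state svc:/network/smb/server:default 2>/dev/null) \
        || state=absent
    zfs get -H -o name,value sharesmb | unserved_smb_shares "${state:-absent}"
}

# Constructed sample of `zfs get -H -o name,value sharesmb` output.
sample_zfs_get() {
    printf 'tank\toff\n'
    printf 'tank/projects\ton\n'
    printf 'tank/projects@monday\t-\n'
    printf 'tank/home\tname=home\n'
}

# Solaris 10 style host: flags are set, no SMB service exists.
sample_zfs_get | unserved_smb_shares absent
```

Any dataset this prints is one an administrator believes is shared over SMB but which no service is exporting.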
> From: Paul Kraus [mailto:paul at kraus-haus.org]
>
> > So if you were to enable the sharesmb property on a zfs filesystem in sol10, you just get an error or something?
>
> Nope. The command succeeds and the flag gets set on the dataset. Since there is no kernel process to read the flag and act on it, nothing happens (at least, that is my experience).
hehehehe. Silent fail. The best type of fail. ;-)
BTW, what is the advantage of the kernel cifs server as opposed to samba? It seems, years ago, somebody must have been standing around and saying "There is a glaring deficiency in samba, and we need to solve it." I can see a few glaring deficiencies in the other direction too - but I'd like to know the differences more clearly.
On Tue, Mar 15, 2011 at 11:00 PM, Edward Ned Harvey <opensolarisisdeadlongliveopensolaris at nedharvey.com> wrote:
> BTW, what is the advantage of the kernel cifs server as opposed to samba? It seems, years ago, somebody must have been standing around and saying "There is a glaring deficiency in samba, and we need to solve it."
Complete integration with AD/NTFS from the client perspective. In other words, the Sun CIFS server really does look like a genuine NTFS volume shared via CIFS in terms of ACLs. Snapshots even show up as "previous versions" in explorer.
I have never seen SAMBA provide more than just authentication integration with AD.
The in kernel CIFS server is also supposed to be much faster, although I have not tested that yet.
--
Paul Kraus
On Mar 16, 2011, at 8:13 AM, Paul Kraus <paul at kraus-haus.org> wrote:
> On Tue, Mar 15, 2011 at 11:00 PM, Edward Ned Harvey <opensolarisisdeadlongliveopensolaris at nedharvey.com> wrote:
>
>> BTW, what is the advantage of the kernel cifs server as opposed to samba? It seems, years ago, somebody must have been standing around and saying "There is a glaring deficiency in samba, and we need to solve it."
>
> Complete integration with AD/NTFS from the client perspective. In other words, the Sun CIFS server really does look like a genuine NTFS volume shared via CIFS in terms of ACLs. Snapshots even show up as "previous versions" in explorer.
>
> I have never seen SAMBA provide more than just authentication integration with AD.
>
> The in kernel CIFS server is also supposed to be much faster, although I have not tested that yet.
Samba has all those features as well. It has native support for different platform ACLs (Linux/Solaris/BSD) and supports mapping POSIX perms with platform ACLs to present a quasi NT ACL that reflects the native permissions of the host.
Samba even has modules for mapping NT RIDs to Nix UIDs/GIDs as well as a module that supports "Previous Versions" using the hosts native snapshot method.
The one glaring deficiency Samba has though, in Sun's eyes not mine, is that it runs in user space, though I believe that's just the cover song for "It wasn't invented here".
-Ross
On Wed, Mar 16, 2011 at 9:48 AM, Ross Walker <rswwalker at gmail.com> wrote:
> Samba has all those features as well. It has native support for different platform ACLs (Linux/Solaris/BSD) and supports mapping POSIX perms with platform ACLs to present a quasi NT ACL that reflects the native permissions of the host.
Can you point to documentation that describes how to get SAMBA to present ZFS ACLs as native NTFS ACLs? Including properly handling AD groups and allowing for full management of the ACLs from the client side.
> Samba even has modules for mapping NT RIDs to Nix UIDs/GIDs as well as a module that supports "Previous Versions" using the hosts native snapshot method.
But... if SAMBA has native AD authentication, and the underlying OS can authenticate against AD, why do we need to have native Unix accounts for the SAMBA users?
> The one glaring deficiency Samba has though, in Sun's eyes not mine, is that it runs in user space, though I believe that's just the cover song for "It wasn't invented here".
Given the performance difference I have seen between in kernel and user space NFS server processes, I expect the in kernel CIFS service to be substantially faster than a user space service. Our current performance limitation is at the SAMBA layer.
For me this is not academic, as we have a large file server (20 TB and over 400 million files) that needs to be presented to the end users as one share (for some reasonably good business reasons). By policy we need a solution that we can get support on, so assembling a solution out of various open source modules is not acceptable. We also need to keep the configuration as simple as possible for future manageability.
We are currently using Solaris 10 with SAMBA and have some usability issues as follows.
1. need to manage Solaris as well as AD users/groups
2. Unix / Solaris limitation of 16 / 32 group membership
3. ACL management (must be done on the Solaris side) and visibility
4. performance (especially with many small files)
We can solve some of the above with SAMBA, but we are hoping that the Sun CIFS server in Solaris 11 resolves all of these issues. We start testing with Solaris 11 Express shortly.
--
Paul Kraus
> From: Paul Kraus [mailto:paul at kraus-haus.org]
>
> > Samba even has modules for mapping NT RIDs to Nix UIDs/GIDs as well as a module that supports "Previous Versions" using the hosts native snapshot method.
>
> But... if SAMBA has native AD authentication, and the underlying OS can authenticate against AD, why do we need to have native Unix accounts for the SAMBA users ?
You say "native" unix accounts, but that doesn't have a clear meaning - All the account info can be stored locally or remotely in a directory service, or even locally in a caching directory service ... And multiple services can be combined together, as long as all the relevant pieces of information come from *some* where. And as long as any unavailable pieces of information are not necessary to satisfy any of the system's intended purposes. For example, I have one system which authenticates via Kerberos to AD, and uses a NIS service, without any password, home directory, or shell information, just to synchronize the username/UID/GID on a system which is a fileserver and not intended for user logon.
If you run CIFS and you don't run NFS, then you don't need anything beyond the AD server. The CIFS server can locally generate all the posix details as necessary, and all the separate unix/linux systems on the network can all do the same - And none of the UID's will match between systems - and that's ok because no system will care about the UID of any user account on any other system.
If you have a CIFS and NFS server, then you need some way of unifying all the POSIX information - username to UID, GID, home dir, and shell. Etc. By default, AD doesn't have any such information in it - Yes you can add UNIX services to AD, or extend the schema in various ways, and then distribute that information via LDAP or NIS or some other directory services, but the point remains, if you're authenticating via Kerberos, you still need an additional directory service to make the POSIX information consistent across all the unix/linux NFS machines. AFAIK, posix information is not something that Kerberos can be used for.
> We are currently using Solaris 10 with SAMBA and have some usability issues as follows.
>
> 1. need to manage Solaris as well as AD users/groups
I have a similar setup. Solaris 10 and Samba uses AD Kerberos for authentication, but also uses NIS for POSIX. At one site, the NIS server is the Windows AD server. At another (independent) site, the NIS server is a linux machine. Both the windows & linux NIS servers have some pros/cons versus each other. This need does not disappear when you use a kernel cifs server.
> 2. Unix / Solaris limitation of 16 / 32 group membership
> 3. ACL management (must be done on the Solaris side) and visibility
> 4. performance (especially with many small files)
>
> We can solve some of the above with SAMBA, but we are hoping that the Sun CIFS server in Solaris 11 resolves all of these issues. We start testing with Solaris 11 Express shortly.
I don't think you're going to eliminate #2.
#3 and #4, perhaps the kernel cifs server might be better than samba. Or vice-versa. ;-) I don't know.
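The consistency requirement in the message above can be checked mechanically. The following is an added example, not part of the thread: it compares two passwd(4)-format dumps (for instance `getent passwd` saved on the file server and on an NFS client) and reports logins whose numeric UID differs and UIDs that belong to different logins. With AUTH_SYS the NFS server acts on the numeric UID the client sends, so the second case means one person's files are owned by someone else on the other host. The function names, file names and accounts are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. All account data below is constructed.

# compare_passwd FILE_A FILE_B
#   UID_MISMATCH  name uid_a uid_b    same login, different numeric UID
#   UID_COLLISION uid name_a name_b   same numeric UID, different login
compare_passwd() {
    awk -F: '
        FILENAME == ARGV[1] { uid_a[$1] = $3; name_a[$3] = $1; next }
        ($1 in uid_a) && uid_a[$1] != $3 {
            print "UID_MISMATCH", $1, uid_a[$1], $3
        }
        ($3 in name_a) && name_a[$3] != $1 {
            print "UID_COLLISION", $3, name_a[$3], $1
        }
    ' "$1" "$2" | sort
}

# Runs the comparison on two constructed dumps and prints the findings.
demo_compare() {
    dir=$(mktemp -d) || return 1
    cat >"$dir/fileserver" <<'EOF'
alice:x:1001:100::/home/alice:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
carol:x:1003:100::/home/carol:/bin/sh
EOF
    cat >"$dir/nfsclient" <<'EOF'
alice:x:1001:100::/home/alice:/bin/sh
bob:x:1005:100::/home/bob:/bin/sh
dave:x:1003:100::/home/dave:/bin/sh
EOF
    compare_passwd "$dir/fileserver" "$dir/nfsclient"
    rm -rf "$dir"
}

demo_compare
```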
On Thu, March 17, 2011 09:53, Edward Ned Harvey wrote:
>> From: Paul Kraus [mailto:paul at kraus-haus.org]
[...]
>> 2. Unix / Solaris limitation of 16 / 32 group membership
>> 3. ACL management (must be done on the Solaris side) and visibility
>> 4. performance (especially with many small files)
>>
>> We can solve some of the above with SAMBA, but we are hoping that the Sun CIFS server in Solaris 11 resolves all of these issues. We start testing with Solaris 11 Express shortly.
>
> I don't think you're going to eliminate #2.
> #3 and #4, perhaps the kernel cifs server might be better than samba. Or vice-versa. ;-) I don't know.
#2 is fixed in OpenSolaris as of snv_129:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4088757
The new limit is 1024--the same maximum number of groups as Windows supports. Unlikely that it will be back ported to Solaris 10 though (it changes a bunch of structures which could break compatibility). Details in PSARC 2009/542, work done by Casper Dik.
On 3/17/2011 8:11 AM, David Magda wrote:
>>> From: Paul Kraus [mailto:paul at kraus-haus.org]
> [...]
>>> 2. Unix / Solaris limitation of 16 / 32 group membership
>
> #2 is fixed in OpenSolaris as of snv_129:
>
> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4088757
>
> The new limit is 1024--the same maximum number of groups as Windows supports. Unlikely that it will be back ported to Solaris 10 though (it changes a bunch of structures which could break compatibility). Details in PSARC 2009/542, work done by Casper Dik.
My employer, $bank, has been promised that fix in Sol 10. Promises are not patches, however ;-)
--
Carson
> From: David Magda [mailto:dmagda at ee.ryerson.ca]
>
> >> 2. Unix / Solaris limitation of 16 / 32 group membership
> >>
> > I don't think you're going to eliminate #2.
>
> #2 is fixed in OpenSolaris as of snv_129:
>
> The new limit is 1024--the same maximum number of groups as Windows supports. Unlikely that it will be back ported to Solaris 10 though (it
If you're doing NFS, just be careful that all the NFS clients support the same. If you have any solaris 10 clients, or pre-129 osol, or any linux which doesn't support it ... Then there are problems.
Which is why I said I don't think you're going to eliminate #2.
On Fri, March 18, 2011 08:28, Edward Ned Harvey wrote:
> From: David Magda [mailto:dmagda at ee.ryerson.ca]
>> #2 is fixed in OpenSolaris as of snv_129:
>>
>> The new limit is 1024--the same maximum number of groups as Windows supports. Unlikely that it will be back ported to Solaris 10 though (it
>
> If you're doing NFS, just be careful that all the NFS clients support the same. If you have any solaris 10 clients, or pre-129 osol, or any linux which doesn't support it ... Then there are problems.
>
> Which is why I said I don't think you're going to eliminate #2.
This is mentioned in the PSARC:
> As part of this case, we're change the "AUTH_SYS" semantics for RPC; rather than failing for users in more than 16 groups, we'd prefer to copy the semantics of others: just drop the additional groups and perform the operation with a reduced set of groups.
http://arc.opensolaris.org/caselog/PSARC/2009/542/20091008_casper.dik
It also gives this URL which has the limits for various Unix systems:
http://www.j3e.de/ngroups.html
Legacy is legacy, but a lot of systems are now raising the limit, so it be 'fixed' in a decade or so. :)
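To see who is affected by the 16-group AUTH_SYS limit discussed above, this added example (not part of the thread) reads group(4)-format lines, as printed by `getent group`, and lists every user with more than 16 supplementary groups together with the groups that would fall off the end of the credential. It assumes a truncating client keeps the first 16 groups in database order; real clients may order the list differently. The function names and sample data are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Sample group data is constructed.

# An AUTH_SYS credential carries at most 16 supplementary gids.
AUTH_SYS_MAX_GIDS=16

# users_over_authsys_limit
#   stdin: group(4) lines, "name:passwd:gid:member,member,..."
#   Prints "user group-count dropped-group,dropped-group" per affected user.
#   Assumption: groups are kept in the order they appear on stdin, so the
#   17th and later memberships are the ones a truncating client drops.
users_over_authsys_limit() {
    awk -F: -v max="$AUTH_SYS_MAX_GIDS" '
        $4 != "" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                u = members[i]
                count[u]++
                if (count[u] > max)
                    dropped[u] = (dropped[u] == "" ? $1 : dropped[u] "," $1)
            }
        }
        END {
            for (u in count)
                if (count[u] > max)
                    print u, count[u], dropped[u]
        }
    ' | sort
}

# Constructed database: alice is in 18 project groups, bob in 3.
sample_group_db() {
    i=1
    while [ "$i" -le 18 ]; do
        if [ "$i" -le 3 ]; then members="alice,bob"; else members="alice"; fi
        echo "proj$i::$((2000 + i)):$members"
        i=$((i + 1))
    done
}

sample_group_db | users_over_authsys_limit
```

Under the older semantics quoted from the PSARC case such a user's NFS operations fail outright; under the truncating semantics they succeed but lose any access granted only through the dropped groups.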