Thank you to all who responded. I am going with 32 as the limit. It means we have to re-organise our company filing plan. I am told I can get around this by using ACLS and moving to LDAP but this was not meant to be part of the the solution.
For interest's sake, this is the summary of my current users' group memberships (1 group per job number):
# following is a group list showing for each job # the users which have read/write access to that job # there are 5430 groups: j0001 to j5430 # there are 661 users: u0001 to u0661
# ** JOBS # 5430 jobs, average 5.78 users per job # jobs with 1-9 users: 4723 # jobs with 10-99 users: 698 # jobs with 100-999 users: 9 # jobs with 1000-9999 users: 0 # jobs with 10000-99999 users: 0 # # ** USERS # 661 users, average 47.45 jobs per user # users with 1-9 jobs: 242 # users with 10-99 jobs: 351 # users with 100-999 jobs: 64 # users with 1000-9999 jobs: 4 # users with 10000-99999 jobs: 0
We currently run this group setup on FreeBSD servers (with modified kernel) with samba for CIFS access and it works very well - too much work to change :(
Regards Francois
Mike Eisler wrote:
ONTAP (WAFL really) supports a maximum of 32 supplemental group ids in a credential, plus the one primary group id.
NFS over AUTH_SYS (aka weak authentication, sec=sys on the exportfs command line) is limited to 16 supplemental groups.
NFS over Kerberos authentication (sec=krb5) is limited by WAFL to 32 supplemental group ids.
I am 100% sure.
My blog has more details.