bothe@net4.UUCP (05/31/89)
After boot, I cannot mount or unmount nfs-filesystems. ERRORMSG: URPC: authunix_create_default: too many groups Invoked at boot time (fstab) all does go rigth! The same message occures at "rup" My System: a TARGON/35 (PYRAMID) with TOS 3.3 (ATT V.2.2 + Berk 4.3) Earlier releases (TOS 3.1, 3.2) showed the same error can anyone tell me, where the error comes from ?
steve@polyslo.CalPoly.EDU (Steve DeJarnett) (06/07/89)
In article <10000002@net4> bothe@net4.UUCP writes: >After boot, I cannot mount or unmount nfs-filesystems. >ERRORMSG: URPC: authunix_create_default: too many groups > >Invoked at boot time (fstab) all does go rigth! > >The same message occures at "rup" > >My System: a TARGON/35 (PYRAMID) with >TOS 3.3 (ATT V.2.2 + Berk 4.3) >Earlier releases (TOS 3.1, 3.2) showed the same error > >can anyone tell me, where the error comes from ? This is a "problem" with NFS (actually, I think the problem is actually due to a limitation in a table size in the RPC stuff somewhere, but I'm not positive). Basically, there's a table that holds a list of all of the groups you belong to. Some far-sighted individual at Sun (I suspect) decided long ago that no one in their right minds would be in more than 8 groups, so they set the maximum number of groups to 8 (I suspect that there's an array lurking in the code that is predefined to have only 8 entries). What appears to be happening is that your account 'root' (or some other uid-0 account you're trying to do this from) belongs to more than 8 groups, and when trying to do NFS-related work, it dies because of an RPC error due to the fact that you belong to > 8 groups. I suspect the easiest solution would be to take root out of most of the groups it belongs to (since root really doesn't need to belong to dozens of groups to obtain access to files). This should put you back under the 8 group limit, and everything should work correctly. I'm told that more recent versions of NFS/RPC have this limitation removed from them, but I don't know this for certain, as I only belong to 7 groups on our Suns :-). Hope that helps some (I also hope I didn't make any major screwups in the description). ------------------------------------------------------------------------------- | Steve DeJarnett | Smart Mailers -> steve@polyslo.CalPoly.EDU | | Computer Systems Lab | Dumb Mailers -> ..!ucbvax!voder!polyslo!steve | | Cal Poly State Univ. |------------------------------------------------| | San Luis Obispo, CA 93407 | BITNET = Because Idiots Type NETwork | -------------------------------------------------------------------------------
guy@bootme.auspex.com (Guy Harris) (06/07/89)
> This is a "problem" with NFS (actually, I think the problem is > actually due to a limitation in a table size in the RPC stuff somewhere, but > I'm not positive). You are correct. The "UNIX" flavor of authentication in ONC RPC has, as documented in older versions of the protocol spec, room for 10 groups. (No, not 8 - see below.) > Basically, there's a table that holds a list of all of the groups you > belong to. Some far-sighted individual at Sun (I suspect) decided long > ago that no one in their right minds would be in more than 8 groups, At the time they did that, no one *could* be in more than 8 groups! This was before 4.3BSD came out; 4.2BSD allowed only 8 groups in a group set. Along came 4.3BSD, and the group size was bumped to 16, leaving RPC somewhat up a creek. > I'm told that more recent versions of NFS/RPC have this limitation > removed from them, but I don't know this for certain, as I only belong to 7 > groups on our Suns :-). The SunOS 4.0 version, and the ONC/NFS 4.0 version derived from it (the ONC/NFS versions are the ones distributed as ONC/NFS source to licensees) bumped it to 16, which, while it does break the protocol as specified in some documents: 1) should work if both sides are really talking the updated protocol, supporting 16 groups; 2) will probably work even if the server *isn't* talking the updated protocol, *as long as the client side user's group set has 10 or fewer members* (otherwise, "xdr_array" will probably complain bitterly that the array sent over the wire has too many members - it's not clear how it could do better, since the server may have to discard some of the groups; which ones should it choose?). I think the 10 is correct; the "Remote Procedure Calls: Protocol Specification" document in the ONC/NFS 4.0 documentation indicates that the group set has 10 members, not 8 members, and, as I remember, the pre-4.0 code actually allowed for 10 members. The ONC/RPC protocol has been published as an Internet RFC; the first version, RFC1050, also specifies 10 members, but the second version, RFC1057, specifies 16 members. I assume this means the protocol is officially considered to have been been "fixed" to handle 16-member group sets.
cs@Sun.COM (Carl Smith) (06/07/89)
> From: steve@polyslo.CalPoly.EDU (Steve DeJarnett) > Subject: Re: authunix_create_default: tooo many > > This is a "problem" with NFS (actually, I think the problem is > actually due to a limitation in a table size in the RPC stuff somewhere, but > I'm not positive). Basically, there's a table that holds a list of all of > the groups you belong to. Some far-sighted individual at Sun (I suspect) > decided long ago that no one in their right minds would be in more than 8 > groups, so they set the maximum number of groups to 8 (I suspect that there's > an array lurking in the code that is predefined to have only 8 entries). > What appears to be happening is that your account 'root' (or some other uid-0 > account you're trying to do this from) belongs to more than 8 groups, and > when trying to do NFS-related work, it dies because of an RPC error due to > the fact that you belong to > 8 groups. > > I'm told that more recent versions of NFS/RPC have this limitation > removed from them, but I don't know this for certain, as I only belong to 7 > groups on our Suns :-). > > Hope that helps some (I also hope I didn't make any major screwups in > the description). Esentially correct. Early versions of the RPC authentication code believed in a maximum of 8 groups (by the way, this number for the maximum number of groups to which a user may belong came from 4.2BSD, not Sun). The RPC protocol itself specifies a maximum of 10 groups in AUTH_UNIX-style authentication. Through the incredible naivete of some people at Sun who should have known better, this number was changed to 16 in SunOS 4.x and NFSSRC 4.0. You are seeing the more benign of those affects. Other programs (those less inclined to do range checking than the kernel) may dump core when confonted with more than 8 groups. To ensure interoperability among the myriad NFS implementation in the world today, use the most restrictive assumption (i.e., no more than 8 groups). We will fix this when the RPC protocol itself is revved. Carl