[高難度] 問題請教!如何修改Linux的32個Secondary groups 限制？

MAXidea

OS: Whitebox Enterprise Linux 3.0 Respin 2 IA32e
Kernel: kernel 2.4.21-27.EL-AppleTalk
Question:
I create a admin user UID/GID is 501 and Secondary groups is 502 to 533.
The problem is admin user not able to change all file/folder owned by GID 533.
Cool! I found that was a limit of 32 secondary groups under linux!

But I don't know how to change it! Could you please ask me how to do?
Thanks in advance!!



###
Attach some things I found:




http://www.linuxdby.com/showthread.php?t=2833
請教如何改變用戶組的個數(shù)限制？
我在redhat8中添加了一些用戶組再添加組后，組就不好使了。
聽說對組的個數(shù)是有限制且可更改的， 不知在那里可改此數(shù)值。
謝謝  

http://www.ussg.iu.edu/hypermail/linux/kernel/0203.0/0645.html
>; I have Slackware 7.1 with 2.4.16 kernel. And I have a user who is a member of
>; a number of groups. Linux can't grant access to the user if the group's
>; number he is member of is more than 32. For example if he is member of 32
>; groups - everything is O.K. , but when I make him a member of the 33-rd group
>; he will not be granted access to resource which is owned by that group.
>; Is there any limit in Linux for the number of groups to be member of?
>; And how can I solve that problem?
Unfortunately there is. Secondary group list is soteed in task_struct in an
array. IIRC it's called groups and declared with NGROUPS elements, which is in
turn #defined 32. You can try and change it in the source.

http://www.ussg.iu.edu/hypermail/linux/kernel/9907.3/0698.html
If you are talking about dynamic sizing of the number of maximum groups
per user what do you do if you resize it smaller but there are already
structures that contain more than your new size? IOW, say the existing
ngroups_max is 64 and you have a couple of users logged in that have
50, 10, and 27 groups in their groups_struct. What would happen if you
resized ngroups_max to 32?

http://lists.samba.org/archive/samba/2002-October/054886.html
Isn't there a limit of 32 secondary rgoups under linux 2.4 ?
Trying to remember exactly...

MAXidea

4.2  Identifiers
和其他Unix一樣，Linux使用用戶和組標(biāo)志符來檢查對系統(tǒng)中文件和可執(zhí)行映象的訪問權(quán)限。Linux系統(tǒng)中所有的文件都有所有者和允許的權(quán)限，這些權(quán)限描敘了系統(tǒng)使用者對文件或者目錄的使用權(quán)�；�本的權(quán)限是讀、寫和可執(zhí)行，這些權(quán)限被分配給三類用戶：文件的所有者，屬于相同組的進(jìn)程以及系統(tǒng)中所有進(jìn)程。每類用戶具有不同的權(quán)限，例如一個文件允許其擁有者讀寫，但是同組的只能讀而其他進(jìn)程不允許訪問。

Linux使用組將文件和目錄的訪問特權(quán)授予一組用戶，而不是單個用戶或者系統(tǒng)中所有進(jìn)程。如可以為某個軟件項目中的所有用戶創(chuàng)建一個組，并將其權(quán)限設(shè)置成只有他們才允許讀寫項目中的源代碼。一個進(jìn)程可以同時屬于多個組（最多為32個），這些組都被放在進(jìn)程的task_struct中的group數(shù)組中。只要某組進(jìn)程可以存取某個文件，則由此組派生出的進(jìn)程對這個文件有相應(yīng)的組訪問權(quán)限。

task_struct結(jié)構(gòu)中有四對進(jìn)程和組標(biāo)志符：


uid, gid
表示運行進(jìn)程的用戶標(biāo)志符和組標(biāo)志符。
effective uid and gid
有些程序可以在執(zhí)行過程中將執(zhí)行進(jìn)程的uid和gid改成其程序自身的uid和gid（保存在描敘可執(zhí)行映象的VFS inode屬性中）。這些程序被稱為setuid程序，常在嚴(yán)格控制對某些服務(wù)的訪問時使用，特別是那些為別的進(jìn)程而運行的進(jìn)程，例如網(wǎng)絡(luò)后臺進(jìn)程。有效uid和gid是那些setuid執(zhí)行過程在執(zhí)行時變化出的uid 和gid。當(dāng)進(jìn)程試圖訪問特權(quán)數(shù)據(jù)或代碼時，核心將檢查進(jìn)程的有效gid和uid。
file system uid and gid
它們和有效uid和gid相似但用來檢驗進(jìn)程的文件系統(tǒng)訪問權(quán)限。如運行在用戶模式下的NFS服務(wù)器存取文件時，NFS文件系統(tǒng)將使用這些標(biāo)志符。此例中只有文件系統(tǒng)uid和gid發(fā)生了改變（而非有效uid和gid）。這樣可以避免惡意用戶向NFS服務(wù)器發(fā)送KILL信號。
saved uid and gid
POSIX標(biāo)準(zhǔn)中要求實現(xiàn)這兩個標(biāo)志符，它們被那些通過系統(tǒng)調(diào)用改變進(jìn)程uid和gid的程序使用。當(dāng)進(jìn)程的原始uid和gid變化時，它們被用來保存真正的uid和gid。