On Tue, Mar 08, 2005 at 10:11:21AM -0500, David Collier-Brown wrote:
> Imagine for a moment that Solaris provided a pair of extra calls:
> set_auxgroups_max(int max)
> and
> activate_auxgroup(group)
> The first allows the aux group list to be as long as you like.
> The second makes an existing member of the aux groups "active",
> where active really means that it's moved to the first 8, 16 or
> 32. Both require root permissions.
> Does that help?

No - why can't initgroups()/setgroups()/getgroups() just
be made dynamic ? There is no binary compatibility issue
as setgroups/getgroups take a size parameter, all it means
for old applications using a static NGROUPS_MAX is that they
won't see all the secondary groups - similar to what we have

We don't need or want new system calls.