I just recently ran into the 16 group limit per user.  I had the
need to be in more than 16 groups to get the sharing and 
protection done in the way wanted.  At that point, I discovered
that 16 was a fixed limit.

What are the reasons for not:

  a) making this limit a dynamic limit.  I know that this would
     change the credential structure.  If the last entry was
     changed into a gid_t *cr_groups and dynamically allocated,
     would this cause a lot of problems?  (I know setting groups
     and cleaning up would be a touch harder.)
     
/*
 * Credentials.
 */
struct ucred {
        u_short cr_ref;                 /* reference count */
        uid_t   cr_uid;                 /* effective user id */
        gid_t   cr_gid;                 /* effective group id */
        short   cr_ngroups;             /* number of groups */
        gid_t   cr_groups[NGROUPS];     /* groups */
};


  b) If a is not workable, (or some other dynamic scheme),
     is there any reason we shouldn't up the fixed limit to
     64 or so?


-- 
Phil Nelson
e-mail: philnelson@home.com  (Work: phil@cs.wwu.edu)
web: members.home.com/philnelson