In the IEEE 1003.1-1990 Standard, associated with a process are its effective user ID, effective group ID, and a set of supplementary group IDs. Associated with a file is a group ID which indicates the group ownership of the file. The file access mechanism of the IEEE 1003.1-1990 Standard includes checking the effective group ID of the process, as well as, each of the supplementary group IDs of the process, against the group ownership of the file to see if the process has access to a file based on group permissions. If a process is not the owner of a file, then access to a file is granted to the process if its effective group ID or any of its supplementary group IDs match the group ownership of the file, and if the file group access permissions are set for the operation that the process wishes to perform. The sysconf() variable NGROUPS_MAX indicates to an application the maximum number of supplementary groups permitted by the implementation.
In a network environment, the value of NGROUPS_MAX on a client may differ from the value of NGROUPS_MAX on a server. In particular, NGROUPS_MAX for the client may be greater than NGROUPS_MAX for the server. The implementation should deal with this situation in such a manner that a process on the client is not denied access to a file that it should be able to access based on one of its supplementary groups. For example, an implementation could check access rights based on supplementary group membership by accessing the server several times giving the server each time the number of groups that the server can accept. If the client knows that the process is a member of the group which owns the file, then by always including that group in the list given the server, correct access verification is assured. In addition, an application should be able to obtain from the implementation the maximum number of supplementary groups permitted by a file.