Description
When a regular user on a Lustre client tries to open a file, the client's normal behavior is to send a maximum of 2 supplementary groups for the user to the servers. Without complete supplementary group information, the MDS may not be able to authorize access to a resource, and so it may return "permission denied" even though the user is technically authorized to access the resource. This is especially true for resources with access controlled by ACLs. For this reason, the client is able to send alternative supplementary groups to the server using a retry mechanism. If the first authorization fails, the failure reply from the server includes a hint that the client is able to retry. A retried authorization attempt is then sent, including alternative supplementary groups, selected using group information hinted in the reply from the MDT.
This retry mechanism only exists for file open, but could also be implemented for file create.
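
A simplified model of the exchange described above, added here as an illustration and not taken from the Lustre source. The `struct reply` layout, the function names, the hint contents (taken here to be the ACL's group IDs) and the sample group IDs are all assumptions; `allow_retry = false` models a path that has no retry, such as file create.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define MAX_SENT 2 /* page: at most 2 supplementary groups per request */
#define MAX_HINT 8
/* Hypothetical reply layout, not the Lustre wire format. */
struct reply { bool granted; bool can_retry; unsigned hint[MAX_HINT]; size_t nhint; };
/* Constructed sample data: user is in three groups, the ACL grants only the third. */
static const unsigned USER_GROUPS[] = {100, 200, 300};
static const unsigned ACL_GROUPS[] = {300};

static bool in_set(const unsigned *s, size_t n, unsigned g)
{
    for (size_t i = 0; i < n; i++)
        if (s[i] == g) return true;
    return false;
}

/* Model MDS: grant if a sent group is in the ACL, else deny with a retry hint. */
static struct reply mds_open(const unsigned *sent, size_t ns, const unsigned *acl, size_t na)
{
    struct reply r = {0};
    for (size_t i = 0; i < ns; i++)
        if (in_set(acl, na, sent[i])) { r.granted = true; return r; }
    r.can_retry = true;
    for (size_t i = 0; i < na && r.nhint < MAX_HINT; i++)
        r.hint[r.nhint++] = acl[i]; /* assumption: hint = ACL group IDs */
    return r;
}

/* Model client. Returns the attempt number that succeeded, or 0 if denied. */
static int client_open(const unsigned *grp, size_t ng,
                       const unsigned *acl, size_t na, bool allow_retry)
{
    unsigned sent[MAX_SENT]; size_t n = 0;
    for (size_t i = 0; i < ng && n < MAX_SENT; i++) sent[n++] = grp[i];
    struct reply r = mds_open(sent, n, acl, na);
    if (r.granted) return 1;
    if (!allow_retry || !r.can_retry) return 0;
    n = 0; /* retry only with hinted groups the user really belongs to */
    for (size_t i = 0; i < r.nhint && n < MAX_SENT; i++)
        if (in_set(grp, ng, r.hint[i])) sent[n++] = r.hint[i];
    return (n && mds_open(sent, n, acl, na).granted) ? 2 : 0;
}

int main(void)
{
    printf("retry: %d, no retry: %d\n", client_open(USER_GROUPS, 3, ACL_GROUPS, 1, true),
           client_open(USER_GROUPS, 3, ACL_GROUPS, 1, false));
    return 0;
}
```

In this model the same authorized user is granted on the second attempt when a retry is allowed and denied when it is not, and a user who belongs to none of the hinted groups is still denied.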