root is in too many groups

[Andrew Dawson]

We have a variety of RS6000 and PS/2 machines running AIX 3.1 and 1.2
respectively. We are using an RS6000 as an NIS (YP) master with the PS/2's as
clients.

The distributed /etc/group file on the RS6000 has root in the groups security,
audit, cron, system, sys and bin. On the PS/2 root is in system, bin, sys, adm,
uucp, mail, daemons and printq.

We have a problem when root logs on to a PS/2. The combination of local and NIS
group list means that root is in 10 groups. This is in excess of the 8 group
limit imposed - for instance requests to NFS mount a remote file system are
failing.

Is it safe to remove root from some of these groups? I understand the purpose
of most of them (eg group security users have access to files relating to user
registration), but root should have the necessary permissions anyway. Does
anyone know whether any commands specifically check internally whether the 
invoking user is in the appropriate group if the user is the superuser?

Surely someone else must have had this problem, so any help would be much
appreciated.

Thanks in advance,

Andrew.
-- 
#include <std_disclaimer.h>  /* My brain was swiss-cheesed when I wrote this */
JANET:    andrew at uk.ac.ucl.sm.uxm     UUCP/EARN/BITNET: andrew at uxm.sm.ucl.ac.uk
INTERNET: andrew%uxm.sm.ucl.ac.uk at nsfnet-relay.ac.uk
"Leapers do it with assistance from neurological holograms"