Posted 4 Months, 1 Week ago
Bhaumik Shukla
 
Hi folks,

I recently stumbled over something strange regarding group membership. Is it possible that there is an upper limit on how many groups a user can be a member of?

On my system (see below) there is a user that belongs to 34 groups, but id -Gn always just returns the first 32 groups. As opposed to that, a call to id -Gn Username returns all 34 groups. Also, that user is not able to access files that belong to one of the groups past that 'imaginary' boundary. When I delete one of the groups below that boundary, the formerly 33rd group appears and the user has access to the files of that group - strange, isn't it?

Some words regarding my setup: I use ldap for my user management on my RedHat Linux 8.0 box. I installed all the latest RedHat patches and use a self-compiled 2.4.19 kernel with XFS patches from SGI. My installed software is:

* smbldap-tools-0.7-2
* openldap-clients-2.0.27-2.8.0
* openldap-servers-2.0.27-2.8.0
* openldap-devel-2.0.27-2.8.0
* nss_ldap-202-5
* python-ldap-2.0.0pre06-4
* openldap-2.0.27-2.8.0

I have a lot of groups in my ldap tree and a lot of users belonging to different groups - by the way I still use memberUid rather than uniqueMember.

Has anybody ever heard of such a boundary?

I'd really appreciate your help and remain,

chris

Ps. please reply to my email address as well as to the list.
Posted 4 Months, 1 Week ago
Adrian
 
Yes. It's hidden away, but 'man getgroups' states the following:

For setgroups, [return EINVAL if] size is greater than NGROUPS (32 for Linux 2.0.32). For getgroups, size is less than the number of supplementary group IDs, but is not zero.

A process can have up to at least NGROUPS_MAX supplementary group IDs in addition to the effective group ID. The set of supplementary group IDs is inherited from the parent process and may be changed using setgroups. The maximum number of supplementary group IDs can be found using sysconf(3):

long ngroups_max;
ngroups_max = sysconf(_SC_NGROUPS_MAX);

This also returns 32 on my 2.4.20 based system, so I assume it's a fairly static value.

Usenet is not a write-only medium. Use google if your newsfeed is that unreliable.
Posted 4 Months, 1 Week ago
RAZA
 
Possible? It's certain. The limit is usually 16 or 32 or something like that.
Posted 4 Months, 1 Week ago
Arligoth
 
I confirm this... there's a patch floating around for kernel 2.5 but it is yet to be included
http://lists.insecure.org/lists/linux-kernel/2002/Oct/3885.html
Copyright © 2006 - Dec 2008 My Linux Gang