More than 32 group membership problem

More than 32 group membership problem

Post by Yaroslav Bug » Tue, 05 Mar 2002 23:52:07



Hi,

I have Slackware 7.1 with 2.4.16 kernel. And I have a user who is a member
of
a number of groups. Linux can't grant access to the user if the group's
number he is member of is more than 32. For example if he is member of 32
groups - everything is O.K. , but when I make him a member of the 33-rd
group
he will not be granted access to resource which is owned by that group.
Is there any limit in Linux for the number of groups to be member of?
And how can I solve that problem?

Thanks guys in advance.
Yaroslav Buga.

 
 
 

More than 32 group membership problem

Post by Dave Bro » Wed, 06 Mar 2002 05:10:59



> I have Slackware 7.1 with 2.4.16 kernel. And I have a user who is member of
> a number of groups. Linux can't grant access to the user if the group's
> number he is member of is more than 32. For example if he is member of 32
> groups - everything is O.K. , but when I make him a member of the 33-rd
> group
> he will not be granted access to resource which is owned by that group.
> Is there any limit in Linux for the number of groups to be member of?
> And how can I solve that problem?

There is a limit (perhaps both kernel and shell) to the number of
concurrent groups a user may have.  As you have found, it's 32.

AIX has a command "setgroups", which allows users to add/delete to
the concurrent groupset. So if a user has need of an additional group over
32 to his current shell, he can drop one and add the needed one.

Unfortunately, although the glibc supports this kind of thing, (see
getgroups, setgroups), I haven't found a command in Linux which implements
this. (setgroups requires root authority, so presumably the command would
require suid).

As far as a solution... perhaps your user should be removed from
one of groups in /etc/group.

--
Dave Brown  Austin, TX

 
 
 

More than 32 group membership problem

Post by Davi » Wed, 06 Mar 2002 06:14:34



> AIX has a command "setgroups", which allows users to add/delete to
> the concurrent groupset. So if a user has need of an additional group over
> 32 to his current shell, he can drop one and add the needed one.

> Unfortunately, although the glibc supports this kind of thing, (see
> getgroups, setgroups), I haven't found a command in Linux which implements
> this. (setgroups requires root authority, so presumably the command would
> require suid).

> As far as a solution... perhaps your user should be removed from
> one of groups in /etc/group.

 man setgroups

It's on  RedHat 6.2 system also.
--
Confucius say: He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org
ID # 123538

 
 
 

More than 32 group membership problem

Post by Dave Bro » Wed, 06 Mar 2002 10:10:45




>> ...
>> As far as a solution... perhaps your user should be removed from
>> one of groups in /etc/group.

>  man setgroups

> It's on  RedHat 6.2 system also.

Not helpful, David, unless you're a C programmer.  (Perhaps you
didn't "man setgroups".)  The OP was presumably looking for a executable
command, not a system call.

--
Dave Brown  Austin, TX

 
 
 

More than 32 group membership problem

Post by Arnt Karlse » Sun, 10 Mar 2002 09:52:29


.on Mon, 04 Mar 2002 15:52:07 +0100, "Yaroslav Buga"

Quote:> Hi,

> I have Slackware 7.1 with 2.4.16 kernel. And I have a user who is a
> member of
> a number of groups. Linux can't grant access to the user if the group's
> number he is member of is more than 32. For example if he is member of
> 32 groups - everything is O.K. , but when I make him a member of the
> 33-rd group
> he will not be granted access to resource which is owned by that group.

..for the here brilliantly snipped tech discussion, follow
the other thread. ;-)

..on the _policy_ or _organizational_level_:
_Why_ would an user need to be a member of more than 32 groups?

..average people begin to miss/drop/lose things when they try to
keep track of more than 10 different things, people, groups, or,
airliners, near misses happens even out in the mid Pacific.

--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)

  Scenarios always come in sets of three:
  best case, worst case, and just in case.

 
 
 

1. membership in more than 32 groups ???

dear aix-admins
my security-concept is based on aix-groups. however there are a few
special-user that should be member of more than the default 32 groups. is
there a way to give a user group-membership in up to 80 groups ???

thanx alot
hubert

2. changing partition AdvFS uses

3. Group membership for a group

4. How to set ALT+TAB function in the X window?

5. Group membership problem

6. : Problem with ATI Ultra and MCC release

7. Problem with multi-group membership? SOLVED

8. NCurses

9. Problem with multi-group membership?

10. How to do automatic group membership?

11. group memberships

12. Membership of group

13. file permissions & group membership when uploading files via FTP