SUMMARY: maximum users in group?

From: J.L. Hall (jlh@ardu.dsto.gov.au)
Date: Sun May 23 1993 - 09:36:48 CDT


Thanks for the responses.
One question is solved, the other not.
The original Q:
>Hi all,
>We are running SUN SPARCs with 4.1.2 in a local NIS / NFS managed network.
>We have one master NIS server with passwd, group info etc for all.
>We have approx 215 users in the passwd file.
>
>What is the maximum numbers of users that can be in a group in /etc/group?
>- We have a common group for all "employees" but, allthough they are all
>listed in /etc/group, only approx 150 out of 215 are actually correctly in
>the group. (doing "groups" for each user shows some OK, some not).
>Is there a way of allowing more users in a particular group?
>
>Is there any way of increasing the maximum number of groups (currently 16)
>that any user can belong to?

---------From slf@beta.lanl.gov Wed May 19 02:00:48 1993

The work around for the maximum line length allowed in the groups file is
to have several group names with the same group number. Access is
checked based on the number and the group shown in an ls -lg
command is the first matching group.

employee:*:35:fred,tom,alice,...
gronkul:*:35:more, more1,user,...
...
groupn:*:35:user327,user412...lastuser

------ From: "Anthony A. Datri" <aad@lovecraft.siemens.com>

>Is there any way of increasing the maximum number of groups (currently 16)
>that any user can belong to?
NGROUPS in /usr/include/sys/limits.h and/or /usr/include/sys/param.h. For
SunOS 4.1.2, this is 16. Be careful about other hosts, though. If you're
going to NFS-mount filesystems to hosts running, say HPUX 8.07 or earlier,
you'll have to keep it under 8. HPUX before v9 used v3 NFS, which was limited
to 8.

> If I increase NGROUPS, will that allow an individual user to be a member
>of more than 16 groups, or does the NFS source code need mod too? - We don't
>have access to SunOS source code!

Various OS things are built against the value of NGROUPS -- especially
the NFS code, much of which is in the kernel. I doubt that one could
change everything required without kernel source.

>2. If we take /etc/groups out of YP,

Unfortunately, some code assumes that if the domainname is set, YP is
running. For groups, though, this might not be a problem -- I think
Sun's routines read /etc/group first, *then* go to YP if a group isn't
found. So, you should be able to rdist (or whatever) /etc/group around
and have it work. There may still be some line-length restriction, but
it should be bigger.

>should that then allow 200+ members in a group?

It's not really the number of members -- it's the total length. 200
members each with 2-character unames is a different matter than 200 with
8-character unames.

=======================================================================
So, the best solution for more members in a group is multiline groups
with the same number, I tried it, it works, with YP also.
Note however, that a "groups user" shows the name from /etc/group, which will
be the actual groupname the user is listed under. If logged in as "user",
and a "groups" command done, the first matching group is shown. ie:

ardu:*:100:fred,sam
ardua:*:100:mick,helen
ardub:*:100:user,sue

If logged in as "user";
user@host % groups user
user: maingrp ardub

user@host % groups
maingrp ardu

Leave you to it,
John.

--
| John HALL,       Email:  jlh@ardu.dsto.gov.au                           |
|                  Phone:  AUST : (08) 256 2932  WORLD: 61 8 256 2932     |
| Royal Australian Air Force, Aircraft Research and Development Unit      |
| Edinburgh, South Australia, 5111                                        |



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:52 CDT