Thanks to all those who responded (too numerous to name them all).
The maximum number of groups a user can belong to is defined in
"/sys/include/sys/syslimits.h" as "#define NGROUPS_MAX 32", so 32 it
is. If you modify this, you will need to rebuild the Kernel. There is
also information contained in the group(4) manpage relating to this
question including:
RESTRICTIONS
1. Increasing the number of groups that a user is in beyond 16 can
affect
services that use ONC RPC. Digital UNIX ONC RPC supports up to
32
groups for compatibility with ULTRIX Version 4.2 and higher.
Other
vendors may support only 16 groups. ULTRIX versions before 4.2
sup-
port up to 8 groups. Users who increase their group membership
beyond
8 or 16 groups will not be able to NFS mount file systems from
servers
that only support 8 or 16 groups over NFS. In addition, if root
group
membership is increased beyond 8 or 16, the NIS service will not
work
in a mixed NIS server environment where the servers support only
8 or
16 groups.
I don't know why these limits are set so low. I presume that they are
historical. Hopefully someone in the near future (DU v5 ??) will remove
or at least raise these limits to something more sensible for the modern
age!
Cheers,
Sean
Sean McGlynn (TMIAU)
email smcgly_at_acxiom.co.uk
phone +44 (0)171 378 7244 x.3118
fax +44 (0)171 378 6525
--------
Original Posting Below
>----------
>
>Hello All,
>
>We use groups here to separate our individual clients. Usually a person
>will belong to no more than half a dozen or so groups, but some of our
>programmers will often work on multiple clients and will belong to many
>more groups than this. One programmer told me yesterday that they see
>the message "initgroups: user xxxxxx belongs to too many groups" when
>they log on. This particular user is a member of 35 different groups.
>Although the message appears, the group command still lists all the
>groups that the user has been added to. Is there an actual limit on the
>number of groups that a user can belong to or is this just an old error
>message that hasn't been removed from the initgroups code? TIA for your
>help.
>
>Cheers,
> Sean
>Sean McGlynn (TMIAU)
>
>email smcgly_at_acxiom.co.uk
>phone +44 (0)171 378 7244 x.3118
>fax +44 (0)171 378 6525
>
>
Received on Wed Aug 12 1998 - 15:15:07 NZST