[olug] 32 groups per user limit

Tim - DZ iceburn at dangerzone.com
Mon Nov 10 22:27:37 UTC 2003


 
Has anyone run into the 32 groups per user limit?  

Basically, depending on the distro, only the first 32 groups a user belongs
to are read (so for the 33+ groups permissions are ignored for that user) or
lines in /etc/group after the first line that contains more than 32 groups
are not read...obviously neither scenario is desired.

Seems that the limit is both hard-coded in the kernel and at the glibc
level, so doing things like changing the ngroups variable ends up just making
the system unstable.

I've run across sites in my Google and Google Groups searches that point to
ACLs for Linux, but I've run across just as many that say ACLs don't fix the
issue.

So I post the question to the all-knowing OLUG membership.

Little FYI on why I actually need a solution:

I have a Linux server (RH8) primarily doing ftp (vsftp).
In the ftp root I have directories that each serve as a 'root' directory for
a project.
Inside each project directory there is a preset structure of files and
directories common to all projects.
-three kinds of permission exist here: Consultant, Contractor, ProjectManager
-various directories have various group owners and permissions such that
Consultants and Contractors can view some things, upload in certain areas,
etc.
-ProjectManagers is a group of people that should basically have root access
to all projects (but nothing outside of the ftp root)

ProjectManagers then basically have to belong to all three groups for every
project (so 11 projects busts the 32 group limit)

Vsftp is set up fairly standard:  no anonymous access, passive mode enabled,
chroot_local...
All users are set to /sbin/nologin (all they need to access is ftp).
Server is hanging on the internet basically alone, no need for network
authentication / mirroring of userlists / etc.

Anybody done this before, or have any insight?

-tim
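
An audit for the situation described in the message above, as an added example that is not part of the original post: it parses /etc/group-format text, counts each user's supplementary groups in file order, and lists the groups that fall past the limit. The user names (alice, carol, dave), the group names and the GIDs are constructed sample data modelled on the three-roles-per-project layout; the primary group from /etc/passwd is assumed not to count and is ignored here.

```python
# Added example: flag accounts whose supplementary-group count exceeds a limit.
import os
from collections import defaultdict

POST_LIMIT = 32  # the per-user limit described in the post

def running_limit(default=POST_LIMIT):
    """Ask the running system for NGROUPS_MAX; fall back to the post's figure."""
    try:
        value = os.sysconf("SC_NGROUPS_MAX")
    except (AttributeError, ValueError, OSError):
        return default
    return value if value > 0 else default

def memberships(group_text):
    """Map user -> group names in file order, from /etc/group-format text."""
    result = defaultdict(list)
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or line.startswith("#"):
            continue  # skip blank, commented or malformed lines
        name, members = fields[0], fields[3]
        for user in filter(None, (m.strip() for m in members.split(","))):
            if name not in result[user]:
                result[user].append(name)
    return dict(result)

def over_limit(group_text, limit=POST_LIMIT):
    """Return {user: groups past the limit, in file order} for users over it."""
    return {user: groups[limit:]
            for user, groups in memberships(group_text).items()
            if len(groups) > limit}

def sample_group_file(projects=11):
    """Constructed data modelled on the post: three role groups per project."""
    lines, gid = [], 5000  # hypothetical GIDs
    for p in range(1, projects + 1):
        for role, extra in (("consultant", "carol"), ("contractor", "dave"),
                            ("pm", "")):
            members = ",".join(filter(None, ["alice", extra]))  # alice: a project manager
            lines.append(f"proj{p:02d}_{role}:x:{gid}:{members}")
            gid += 1
    return "\n".join(lines)

if __name__ == "__main__":
    print("limit reported by this system:", running_limit())
    for user, dropped in over_limit(sample_group_file()).items():
        print(f"{user}: over the limit of {POST_LIMIT}; beyond it: {dropped}")
```

To check a real host, pass the contents of its /etc/group to `over_limit()` with `limit=running_limit()`.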


