[rhelv6-list] EXT :Re: maximum member unix group in /etc/group

Molina, Thomas (ES) thomas.molina at ngc.com
Fri Dec 2 11:33:16 UTC 2011


Ian's workaround is a good one.  I use it in my installation also.  However, there is a "gotcha" in there also.  When an external nis client authenticates against the server it gets the proper gid, but the group name is that of the last entry.  In Ian's case:

> largegroup:x:1234:
> largegroup1:x:1234:uname01,uname02,...
> largegroup2:x:1234:uname31,uname31,...
> largegroup3:x:1234:uname61,uname61,...
> largegroup4:x:1234:
> largegroup5:x:1234:

the name reported to external clients would be largegroup5.  This is not a problem for Unix/Linux clients who use the numeric id, but clients who use the literal name can be confused.

In our installation we have an RHEL6 nis server, Linux clients, Solaris clients, and Windows clients working through Samba.  When a Rational Clearcase Windows client works through Samba to access the database, the Clearcase client would pass its group as largegroup, and access would fail because the database server was expecting largegroup5.

-----Original Message-----
From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Jason Keltz
Sent: Thursday, December 01, 2011 3:29 PM
To: rhelv6-list at redhat.com
Subject: EXT :Re: [rhelv6-list] maximum member unix group in /etc/group

Hi Ian,

Thanks for the workaround...

While I'm not using NIS, I can say this with certainty:

1) Installed glibc-2.12-1.7.el6.x86_64 (original RHEL6 glibc), and it 
worked with all of my groups.
2) installed glibc-2.12-1.25.el6_1.3/x86_64 and it did not ...

revert system with glibc-2.12-1.25.el6_1.3/x86_64 to 
glibc-2.12-1.7.el6.x86_64 and it works... HMMM..

seems like a bug to me .. which I will report .. but most of the times I 
report stuff, it doesn't end up getting fixed anyway.  At least I have 
your fix in the meantime..

Thanks!

Jason.

On 12/01/2011 02:17 PM, Iain Morrison wrote:
> Hi Jason,
>    we had this problem with groups in NIS under RHEL4, and whilst it may
> be a bug in RHEL 6.1 the workaround we use might work for you.
>
> [The length of one entry is limited by the NIS protocol to 1024
> characters.]
>
>
> -------------------
>
> There is another way of solving this problem for /etc/group entries.
> This idea is from Ken Cameron:
>
> 1. Break the entry into more than one line and name each group
>     slightly differently.
>
> 2. Keep the GID the same for all.
>
> 3. Have the first entry with the right group name and the GID.
>     I don't put any user names in this one.
>
> What happens is that going by user name you pick up the GID when the
> code
> reads it. Then going the other way it stops after the first match of GID
> and takes that name. It's ugly but works!
>
> ------------------------
>
> so for example we have
>
> largegroup:x:1234:
> largegroup1:x:1234:uname01,uname02,...
> largegroup2:x:1234:uname31,uname31,...
> largegroup3:x:1234:uname61,uname61,...
> largegroup4:x:1234:
> largegroup5:x:1234:
>
> thanks
>
> iain
>
>
> --
>
> Iain Morrison
> IT Manager
> MRC Epidemiology Unit
> Institute of Metabolic Science
> Box 285
> Addenbrooke's Hospital
> Hills Road
> Cambridge
> CB2 0QQ
> Tel 01223 769200
>
> -----Original Message-----
> From: rhelv6-list-bounces at redhat.com
> [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Jason Keltz
> Sent: 01 December 2011 18:08
> To: Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list
> Subject: [rhelv6-list] maximum member unix group in /etc/group
>
> Under RHEL4, as far as I can see, there was no limitation in unix group
> size in /etc/group in terms of line lengths or number of users, or at
> least I never came close to hitting the limit.  Under RHEL6.1, I hit the
>
> limit today - 126 members.  It's not clear if this is a bug or a
> feature, or why such a limitation would be imposed.  It's possible that
> it was imposed by a patch, but after applying many patches, it's not
> clear which would have caused it.  Any ideas???
>
> Jason.
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list


-- 
Jason Keltz
Manager of Development
Department of Computer Science and Engineering
York University, Toronto, Canada
Tel: 416-736-2100 x. 33570
Fax: 416-736-5872

_______________________________________________
rhelv6-list mailing list
rhelv6-list at redhat.com
https://www.redhat.com/mailman/listinfo/rhelv6-list




More information about the rhelv6-list mailing list