System Administration

maximum number of groups a user can belong to

 
SOLVED
Go to solution
support_5
Super Advisor

maximum number of groups a user can belong to

Hi all,

On HP-UX 11.23 (Itanium), what is the maximum number of groups a user can belong to? I remember on older versions of HP-UX, there was a limit to something like 20 or so. Is this still the case or has the maximum increased on 11.23?

Thanks all.

- Andrew Gray
3 REPLIES 3
lawrenzo
Trusted Contributor

Re: maximum number of groups a user can belong to

do this:

stdm901a:/usr/include/sys>getconf NGROUPS_MAX
20

This is hard coded and cannot be changed, HP realise this is a small issue - see this link:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=713127

hope this helps

hello
morganelan
Trusted Contributor
Solution

Re: maximum number of groups a user can belong to

NGROUPS_MAX = 20 + Max number of supplementary groups per process

In addition to the group specified in the /etc/passwd file for a login name, HP-UX (and other UNIX flavors) allows a user to belong to additional groups. The maximum is NGROUPS_MAX (defined in ) = 20. It can be done by typing:

# getconf NGROUPS_MAX

If you intend to increase that value, it is not so easy:

1. Change the value used by the kernel: in /usr/conf/h/param.h.

2. Rebuild the kernel.

Most of time, this will not work because all the commands are compiled with the old value. You can, of course, use your own programs (or try to recompile the commands if you work with Linux for example, where you have the full source code).

To have the benefit of that group feature, it is necessary to hard link /etc/group and /etc/logingroup:

# ln /etc/group /etc/logingroup

(By the way, â logingroupâ is also used by NIS).

For example, let's suppose that we have the three following entries in /etc/group:

bin::2:root,bin,jane
adm::4:root,adm,jane
users::20:bill,jane

From /etc/passwd, the user â janeâ has the group 300 (dev). If /etc/logingroup is linked to /etc/group, we have:

# id jane
uid=112(jane) gid=300(dev) groups=2(bin),4(adm),20(users)

It means that â janeâ has write permissions for the following file:

-rw-rw-r-- 1 root bin 91520 Jul 28 15:20 data1

because she belongs to the group â binâ as well. Likewise, it is easy to define a group â adminâ with some executable permissions:

Entry in /etc/group:

admin::350:carolyn,henry,jane,bill

Above users will be the only ones (+ root) to be able to run such a program:

---s--x--- 1 root admin 20345 Jan 2 15:20 tool1

with the root privileges and without knowing the root password. See Listing 3, too.
Kamal Mirdad
Mahesh Kumar Malik
Honored Contributor

Re: maximum number of groups a user can belong to

Hi

Each user in a system belongs to at least one group. Users may belong to multiple groups, up to a limit of eight or 16. A list of all valid groups for a system are kept in /etc/group

Regards
Mahesh