HPE Community
Operating System - HP-UX
1834674 Members
2263 Online
110069 Solutions
New Discussion

/etc/group limitations

 
SOLVED
Go to solution
Brian DelPizzo
Frequent Advisor

‎07-10-2003 12:10 PM

‎07-10-2003 12:10 PM

/etc/group limitations

I have read about certain limitations within HP-UX with regard to the /etc/group file. For instance there is a 2048 Byte limit to the length of a particular group listing. There is also a limit of 233 users per group.

Is this accurate? I ran a system with thousands of users in a single group in HP-UX 10.20. I never had an issue with logins or group permissions. Where will this "hard limit" manifest itself? Is there a workaround for large systems with thousands of users?

Thanks,
Brian
0 Kudos
Reply
5 REPLIES 5
Geoff Wild
Honored Contributor

‎07-10-2003 12:17 PM

‎07-10-2003 12:17 PM

Re: /etc/group limitations

Check out this link:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x35f85f260cafd4118fef0090279cd0f9,00.html


The hard limit is: LINE_MAX is 2048

etc/group should have only secondary groups listed, NOT the primary group listed in /etc/passwd. So if you have very long lines with user logins listing their primary group, you can remove all of the logins and just leave the empty group line as in:

users::20:


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎07-10-2003 12:22 PM

‎07-10-2003 12:22 PM

Re: /etc/group limitations

This is typically only a problem if you are running NIS. Bear in mind that you really don't even need to add members to the group file as long as the GID is in the passwd file.

You would really only need to add many,many users to the group file if users can be members of multiple groups and you are then also using /etc/logingroup.
If it ain't broke, I can fix that.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎07-10-2003 01:00 PM

‎07-10-2003 01:00 PM

Re: /etc/group limitations

Hi Brian,

Besides the line limit mentioned above, another limit applies.
No user can belong to more than 20 groups.

This is defined in /usr/include/limits.h as NGROUPS_MAX

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Paul Sperry
Honored Contributor

‎07-10-2003 01:17 PM

‎07-10-2003 01:17 PM

Re: /etc/group limitations

The length of each line in /etc/group is limited to LINE_MAX, as
defined in . Because of this limit, users should not be
listed in their primary group - only in their additional groups.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎07-10-2003 01:55 PM

‎07-10-2003 01:55 PM

Solution

Re: /etc/group limitations

It is not documented very well, but there is no practical limit to the number of users that can belong to a single group. Here are the two most important rules:

1. Starting with 10.20 (possibly with patches), the default group listed in /etc/passwd does not have to be repeated in /etc/group. Thus, only additional group memberships are necessary for /etc/group. (and for the obsolete 10.20 release and earlier versions, there must be a link from /etc/group to /etc/logingroup to make alternate groups automatically active.

2. It is not necessary to list every user ID on a single line. You can put the same group ID on dozens or hundreds of lines and have just 8-12 logins per line:

apps::44:user1,user2,user3,user4,user5
apps::44:user6,user7,user8,user9,user10

and so on..


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.