HPE Community
Operating System - HP-UX
1834931 Members
2436 Online
110071 Solutions
New Discussion

Re: id command only returning 20 groups

 
SOLVED
Go to solution
Dale Renton
Advisor

‎11-22-2006 07:57 AM

‎11-22-2006 07:57 AM

id command only returning 20 groups

HP-UX 11.23 Itanium

The following command is only returning a user's first 20 groups. We use ldapux to connect to an openldap server. Any suggestions?

/usr/bin/id -G -n

Thanks
0 Kudos
7 REPLIES 7
Bill Hassell
Honored Contributor

‎11-22-2006 09:01 AM

‎11-22-2006 09:01 AM

Re: id command only returning 20 groups

That's all you can have for HP-UX. See man getconf, or specifically:

getconf NGROUPS_MAX
20


Bill Hassell, sysadmin
0 Kudos
Dale Renton
Advisor

‎11-22-2006 09:17 AM

‎11-22-2006 09:17 AM

Re: id command only returning 20 groups

Ok, thanks.

Any suggestions on how I can determine if a user belongs to a certain group? Right now my script does this :

for var in `/usr/bin/id -G -n` ; do
if [ "$var" = "groupname" ]; then
TZ=EST5EDT
export TZ
break
fi
done
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-22-2006 09:23 AM

‎11-22-2006 09:23 AM

Re: id command only returning 20 groups

Hi Dale:

> how I can determine if a user belongs to a certain group?

# groups user

...shows the group(s) to which user belongs. For example:

# groups root
adm bin daemon lp mail other root sys users

See the manpages for 'groups(1)' for more information.

Regards!

...JRF...
0 Kudos
Dale Renton
Advisor

‎11-22-2006 09:28 AM

‎11-22-2006 09:28 AM

Re: id command only returning 20 groups

Yes, but that only shows me the first 20 groups. The group I want to determine if the user is a member of is the 23rd.

Thanks,
Dale
0 Kudos
Bill Hassell
Honored Contributor

‎11-22-2006 11:17 AM

‎11-22-2006 11:17 AM

Solution

Re: id command only returning 20 groups

For HP-UX, it won't matter. The user may be associated with 23 groups but only the first 20 are meaningful. The user will not have any group rights for the 23rd group (or any group beyond the first 20). If you create a file with 660 permissions, owned by someone else with group = group23, the user (with group23 membership) cannot read or write the file. This is a system wide limitation. Various flavors of Unix have different group membership limitations.


Bill Hassell, sysadmin
0 Kudos
Dale Renton
Advisor

‎11-23-2006 12:25 AM

‎11-23-2006 12:25 AM

Re: id command only returning 20 groups

Ok thanks. I guess I will have to move the groups in question up in the list.

0 Kudos
Dale Renton
Advisor

‎11-23-2006 12:27 AM

‎11-23-2006 12:27 AM

Re: id command only returning 20 groups

closed
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.