LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-25-2008, 10:59 AM   #1
polar_bear
LQ Newbie
 
Registered: Nov 2007
Posts: 10

Rep: Reputation: 0
Maximum setting for ID group membership


I am using RHEL 4 and have a situation where an ID belonging to multiple groups does not take on the permissions of more than 16 groups.

-Is there a setting for an ID's group membership limit
(I have heard it is 32 in RHEL 3 (with a default of 16) and 65536 in RHEL 4)

-What is the maximum this can be set?

-Are there any side-effects to setting this higher than the default?
(I read that setting it will cause NFS to malfunction)

The research I have performed suggests this is NGROUPS_MAX

here is some output from my system
# getconf NGROUPS_MAX
65536

Any ideas?
 
Old 01-25-2008, 01:20 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
I wonder if it might be a glibc limit if the library was compiled with XOPEN2k defined:
Code:
grep -n NGROUPS_MAX -A3 -B3 /usr/include/bits/posix1_lim.h
75-
76-/* Number of simultaneous supplementary group IDs per process.  */
77-#ifdef __USE_XOPEN2K
78:# define _POSIX_NGROUPS_MAX  8
79-#else
80:# define _POSIX_NGROUPS_MAX  0
81-#endif
82-
83-/* Number of files one process can have open at once.  */
--
161-/* This value is a guaranteed minimum maximum.
162-   The current maximum can be got from `sysconf'.  */
163-
164:#ifndef     NGROUPS_MAX
165:# define NGROUPS_MAX        8
166-#endif
167-
168-#endif      /* bits/posix1_lim.h  */
According to this mailing list response a side effect of increasing the value could eat up limited memory in the kernel. The message deals with NGROUPS_MAX in the kernel's limits.h header.
http://www.ussg.iu.edu/hypermail/lin...10.0/0465.html

These limits of course are in the source which would mean recompiling.

What is the value of /proc/sys/ngroups_max?

Something in the back of my mind is telling me that using a different kernel version available might help, such as a 2.6 instead of 2.4 version kernel, or the memory page size the kernel uses. However, looking around on my laptop (64bit suse) everything points to 65536 max groups that can be assigned to a process. A search in a mailing list for rhel4 might reveal the answer.

Last edited by jschiwal; 01-25-2008 at 01:53 PM.
 
Old 01-25-2008, 01:54 PM   #3
polar_bear
LQ Newbie
 
Registered: Nov 2007
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jschiwal View Post
What is the value of /proc/sys/ngroups_max?
#cat /proc/sys/kernel/ngroups_max
65536

Thanks for the reply
 
Old 01-25-2008, 02:14 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
What architecture are you using? Some seem to have lower limits in the kernel source. Particularly KERN_NGROUPS_MAX.

What does "sudo /sbin/sysctl kernel.ngroups_max" return. I think it will be the same as /proc/sys/ngroups_max. If it had been 8, you may be able to use sysctl to increase it.
 
Old 01-25-2008, 03:25 PM   #5
polar_bear
LQ Newbie
 
Registered: Nov 2007
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jschiwal View Post
What architecture are you using? Some seem to have lower limits in the kernel source. Particularly KERN_NGROUPS_MAX.

What does "sudo /sbin/sysctl kernel.ngroups_max" return. I think it will be the same as /proc/sys/ngroups_max. If it had been 8, you may be able to use sysctl to increase it.
65536

The architecture is AMD 64, Red Hat Enterprise Linux Advanced Server 4.04
 
Old 01-26-2008, 11:04 AM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Everything seems to indicate that you should have 65536 max groups associated with a process. Maybe the problem is somewhere else.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Group Membership Limitations Kdr Kane Linux - Enterprise 1 08-23-2006 02:05 PM
Force group membership reload? humbletech99 Linux - General 2 06-03-2006 04:02 AM
Command 'groups' doesn't show group membership correctly Akhran Debian 1 03-14-2006 06:16 AM
Group membership? KlaymenDK Mandriva 4 06-25-2004 04:10 AM
Group Membership Question rlkiddjr Linux - General 3 06-18-2002 10:26 PM


All times are GMT -5. The time now is 05:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration