Blog | Admin | Archives

32 Groups

A few days ago, I got a request for another subdomain here at SilverFir.net. Its become pretty routine for me to add them, so I went thourgh the steps and presented the results to the requestor. But something wasn’t working. Apache claimed it didn’t have write access to the directory. But I had put apache into the group, just like I have done for all the other subdomains on SilverFir. The reasoning behind this is that then multiple people can admin a site without having any global privileges; Apache can access files with semi-sensitive usernames and passwords without making them world-readable, and everyone is happy-hunky-dory.

Until arbitrary limits in the Linux Kernel rear their ugly head.

A user can not be a member of more than 32 groups. I learned this fact after a suspicion of such a limit led me to google for “Is there a limit to how many groups a user can be a member of?” which eventually led me to this page where the truth was hidden. That page also happens to contain a patch for the Linux Kernel, and given that I’m not using NFS, which seemed to be the main reason for the arbitrary limit, it would probably work. I’ve never patched a linux kernel… but might as well start with oasis and gentoo, just to make sure I get it down before I try it on this computer, which is becoming mission-critical for the TRC and well, this site too, as well as some others, I suppose.

Leave a Reply