Blog | Admin | Archives

32-group limit rears its ugly head again

Previously, I ran into a problem on sf2 where I could only have a user in 32 groups. Because of the security scheme I implement on sf2 – a combination of user-private groups and some stuff I made up – this meant I could only have 32 sites active at a time. I ran into the issue several times, but was able to find a solution by disabling some older, no longer used sites.

However, I always wished there were a solution in case the limit came up agian. So when I upgrded to kernel version 2.6, I was pleased to read that the rther arbitrary 32 group limit had been removed.

Or had it?

Despite this line showing up in the 2.6.11.11 kernel sources:

# grep GROUPS /usr/src/linux/include/linux/limits.h
#define NGROUPS_MAX 65536 /* supplemental group IDs are available */

today, I ran into the problem again. Zut alors!

Yes, there is a workaround – Access Control Lists (ACLs), but I really don’t want to have to do the work to learn and implement them, when the group system would work just fine if it weren’t for a dumb arbitrary limit. Just like how I had to reset enfusion a few days ago to get the ftp server working properly, Linux isn’t always all its cracked up to be.

Leave a Reply