Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Dec 2003 14:42:59 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        "Klaus-J. Wolf" <yanestra@web.de>
Subject:   Re: [RC1] Login not possible
Message-ID:  <20031212224259.GA4959@Odin.AC.HMC.Edu>
In-Reply-To: <20031212222736.GA61575@xor.obsecurity.org>
References:  <3FDA30E1.4060101@web.de> <20031212222736.GA61575@xor.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 12, 2003 at 02:27:36PM -0800, Kris Kennaway wrote:
> On Fri, Dec 12, 2003 at 10:19:29PM +0100, Klaus-J. Wolf wrote:
> > Hi,
> >=20
> > I am trying to migrate a 5.1-RELEASE machine to a 5.2-RC1. I have=20
> > discovered that the following passage in /etc/group stops me (kjwolf)=
=20
> > from logging in. I had copied it directly from my old group file. The=
=20
> > error message is the one attached below. I don't get more info. To me,=
=20
> > that's kind of funny.
> >=20
> > kjwolf:*:1000:kjwolf
> > mwolf:*:1001:mwolf
> > wolf:*:1200:kjwolf,mwolf
> > wstaff:*:2000:kjwolf
> > mm:*:2001:kjwolf,mwolf
> > develop:*:2002:kjwolf
> > classifd:*:2003:kjwolf
> > mirror:*:2004:kjwolf
> > mirrors:*:2005:kjwolf
> > sw:*:2006:kjwolf
> > yanestra:*:2007:kjwolf
> > coll:*:2008:
> > lusers:*:2009:
> > exusers:*:2010:
> >=20
> > Dec 12 21:37:24 golulu login: setusercontext() failed - exiting
> >=20
> > _With_ those lines in /etc/group, id gives:
> >=20
> > uid=3D1000(kjwolf) gid=3D20(staff) groups=3D20(staff), 0(wheel), 5(oper=
ator),=20
> > 13(games), 68(dialer), 69(network), 100(users), 1000(kjwolf),=20
> > 1200(wolf), 2000(wstaff), 2001(mm), 2002(develop), 2003(classifd),=20
> > 2004(mirror), 2005(mirrors), 2006(sw)
>=20
> That's 18 groups..there might be a limit of 16 somewhere that is
> causing login to have problems.

A recent change to initgroups() changed the behavior of having too many
groups from silent truncation to error which breaks login...  One of
our users at work ran into this.  Fortunately, we were able to delete a
number of groups for projects that never go cleaned up, but it was
annoying and the error in extremely non-obvious.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/2kRsXY6L6fI4GtQRAnurAJ9WaFBGtrQFigGKXMK1mSa1AR43wACgjLmt
VcOzmzY0/Aj/wVaq2HYCaMc=
=+fo3
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031212224259.GA4959>