Date: Fri, 12 Dec 2003 14:42:59 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Kris Kennaway <kris@obsecurity.org> Cc: "Klaus-J. Wolf" <yanestra@web.de> Subject: Re: [RC1] Login not possible Message-ID: <20031212224259.GA4959@Odin.AC.HMC.Edu> In-Reply-To: <20031212222736.GA61575@xor.obsecurity.org> References: <3FDA30E1.4060101@web.de> <20031212222736.GA61575@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 12, 2003 at 02:27:36PM -0800, Kris Kennaway wrote: > On Fri, Dec 12, 2003 at 10:19:29PM +0100, Klaus-J. Wolf wrote: > > Hi, > >=20 > > I am trying to migrate a 5.1-RELEASE machine to a 5.2-RC1. I have=20 > > discovered that the following passage in /etc/group stops me (kjwolf)= =20 > > from logging in. I had copied it directly from my old group file. The= =20 > > error message is the one attached below. I don't get more info. To me,= =20 > > that's kind of funny. > >=20 > > kjwolf:*:1000:kjwolf > > mwolf:*:1001:mwolf > > wolf:*:1200:kjwolf,mwolf > > wstaff:*:2000:kjwolf > > mm:*:2001:kjwolf,mwolf > > develop:*:2002:kjwolf > > classifd:*:2003:kjwolf > > mirror:*:2004:kjwolf > > mirrors:*:2005:kjwolf > > sw:*:2006:kjwolf > > yanestra:*:2007:kjwolf > > coll:*:2008: > > lusers:*:2009: > > exusers:*:2010: > >=20 > > Dec 12 21:37:24 golulu login: setusercontext() failed - exiting > >=20 > > _With_ those lines in /etc/group, id gives: > >=20 > > uid=3D1000(kjwolf) gid=3D20(staff) groups=3D20(staff), 0(wheel), 5(oper= ator),=20 > > 13(games), 68(dialer), 69(network), 100(users), 1000(kjwolf),=20 > > 1200(wolf), 2000(wstaff), 2001(mm), 2002(develop), 2003(classifd),=20 > > 2004(mirror), 2005(mirrors), 2006(sw) >=20 > That's 18 groups..there might be a limit of 16 somewhere that is > causing login to have problems. A recent change to initgroups() changed the behavior of having too many groups from silent truncation to error which breaks login... One of our users at work ran into this. Fortunately, we were able to delete a number of groups for projects that never go cleaned up, but it was annoying and the error in extremely non-obvious. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/2kRsXY6L6fI4GtQRAnurAJ9WaFBGtrQFigGKXMK1mSa1AR43wACgjLmt VcOzmzY0/Aj/wVaq2HYCaMc= =+fo3 -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031212224259.GA4959>