From owner-freebsd-current@FreeBSD.ORG Fri Dec 12 14:43:06 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EFA1816A4CE for ; Fri, 12 Dec 2003 14:43:06 -0800 (PST) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92ED043D35 for ; Fri, 12 Dec 2003 14:43:04 -0800 (PST) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.10/8.12.3) with ESMTP id hBCMh0A7006273; Fri, 12 Dec 2003 14:43:00 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.10/8.12.3/Submit) id hBCMgxkx006267; Fri, 12 Dec 2003 14:42:59 -0800 Date: Fri, 12 Dec 2003 14:42:59 -0800 From: Brooks Davis To: Kris Kennaway Message-ID: <20031212224259.GA4959@Odin.AC.HMC.Edu> References: <3FDA30E1.4060101@web.de> <20031212222736.GA61575@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt" Content-Disposition: inline In-Reply-To: <20031212222736.GA61575@xor.obsecurity.org> User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu cc: current@freebsd.org cc: "Klaus-J. Wolf" Subject: Re: [RC1] Login not possible X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 22:43:07 -0000 --pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 12, 2003 at 02:27:36PM -0800, Kris Kennaway wrote: > On Fri, Dec 12, 2003 at 10:19:29PM +0100, Klaus-J. Wolf wrote: > > Hi, > >=20 > > I am trying to migrate a 5.1-RELEASE machine to a 5.2-RC1. I have=20 > > discovered that the following passage in /etc/group stops me (kjwolf)= =20 > > from logging in. I had copied it directly from my old group file. The= =20 > > error message is the one attached below. I don't get more info. To me,= =20 > > that's kind of funny. > >=20 > > kjwolf:*:1000:kjwolf > > mwolf:*:1001:mwolf > > wolf:*:1200:kjwolf,mwolf > > wstaff:*:2000:kjwolf > > mm:*:2001:kjwolf,mwolf > > develop:*:2002:kjwolf > > classifd:*:2003:kjwolf > > mirror:*:2004:kjwolf > > mirrors:*:2005:kjwolf > > sw:*:2006:kjwolf > > yanestra:*:2007:kjwolf > > coll:*:2008: > > lusers:*:2009: > > exusers:*:2010: > >=20 > > Dec 12 21:37:24 golulu login: setusercontext() failed - exiting > >=20 > > _With_ those lines in /etc/group, id gives: > >=20 > > uid=3D1000(kjwolf) gid=3D20(staff) groups=3D20(staff), 0(wheel), 5(oper= ator),=20 > > 13(games), 68(dialer), 69(network), 100(users), 1000(kjwolf),=20 > > 1200(wolf), 2000(wstaff), 2001(mm), 2002(develop), 2003(classifd),=20 > > 2004(mirror), 2005(mirrors), 2006(sw) >=20 > That's 18 groups..there might be a limit of 16 somewhere that is > causing login to have problems. A recent change to initgroups() changed the behavior of having too many groups from silent truncation to error which breaks login... One of our users at work ran into this. Fortunately, we were able to delete a number of groups for projects that never go cleaned up, but it was annoying and the error in extremely non-obvious. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/2kRsXY6L6fI4GtQRAnurAJ9WaFBGtrQFigGKXMK1mSa1AR43wACgjLmt VcOzmzY0/Aj/wVaq2HYCaMc= =+fo3 -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt--