From owner-freebsd-security  Tue Mar 20  2:45:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from baerenklau.de.freebsd.org (baerenklau.de.freebsd.org [195.185.195.14])
	by hub.freebsd.org (Postfix) with ESMTP
	id 956D837B718; Tue, 20 Mar 2001 02:45:23 -0800 (PST)
	(envelope-from w@panke.de.freebsd.org)
Received: (from uucp@localhost)
	by baerenklau.de.freebsd.org (8.8.8/8.8.8) with UUCP id LAA15220;
	Tue, 20 Mar 2001 11:43:56 +0100 (CET)
	(envelope-from w@panke.de.freebsd.org)
Received: (from w@localhost)
	by paula.panke.de.freebsd.org (8.9.3/8.8.8) id LAA01232;
	Tue, 20 Mar 2001 11:30:52 +0100 (CET)
	(envelope-from w)
Date: Tue, 20 Mar 2001 11:30:52 +0100
From: Wolfram Schneider <bsd@panke.de.freebsd.org>
To: Brett Glass <brett@lariat.org>
Cc: Terry Lambert <tlambert@primenet.com>,
	Sergey Babkin <babkin@bellatlantic.net>, security@FreeBSD.ORG,
	Wes Peters <wes@softweyr.com>, Robert Watson <rwatson@FreeBSD.ORG>,
	fs@FreeBSD.ORG
Subject: Re: about common group & user ID space (PR kern/14584)
Message-ID: <20010320113052.A1141@paula.panke.de.freebsd.org>
References: <3AB3FC38.94711FFF@bellatlantic.net> <200103180738.AAA03250@usr05.primenet.com> <4.3.2.7.2.20010318123759.00d9dd10@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <4.3.2.7.2.20010318123759.00d9dd10@localhost>; from brett@lariat.org on Sun, Mar 18, 2001 at 12:42:17PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2001-03-18 12:42:17 -0700, Brett Glass wrote:
> At the same time, it'd be nice to eliminate the arbitrary limitations
> on (a) the number of groups of which a user can be a member and (b) the
> number of members in a group. Both of these limitations often bite
> administrators who, for example, want most users of a system to be 
> members of a particular group or want to implement group-based access 
> control schemes with a moderate degree of granularity. 

The current length limit for a line in /etc/groups is 256KByte, 
which should be enough for 65536 users in one group ;-)

Please keep in mind that other OS has lower limits, eg. 
Solaris had a limit of 1024 characters (~200 user per group)
and NIS/YP may not work with lines longer 1024 characters.

You can increase the limit if you want and recompile your libc.
See src/lib/libc/gen/getgrent.c,v for more details. The support
for long lines was added in Dec 1996.

-Wolfram

-- 
Wolfram Schneider <wosch@freebsd.org> http://wolfram.schneider.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message