Bug 54218

Summary: User with too many groups causes permission denied..
Product: [Retired] Red Hat Linux Reporter: J. Lucha <jim>
Component: kernelAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-07 18:24:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description J. Lucha 2001-10-01 21:28:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010913

Description of problem:
I'm running the 7.1.94 build of Roswell.

I have about 200 users and about 250 groups.

For backup reasons I have a user account that I also made a member of all
the user private groups as well as the independant groups I created, but
not including any of the built-in groups shipped with RedHat (like wheel,
or disk).

If I take that user and go to a directory that has group write access, I
cannot create files.  If I try to edit a file that has group write access,
the editor opens it as read-only.  I can even change the directory or file
to be mode 777 and it will still say I don't have permission.

I found that the problem is the number of groups.  If I start removing the
number of groups the account is a memeber of, It will eventually work,
without having to modify the directory of file permissions.  I can also
revert the permissions to the original value, and it will work like it's
supposed to.

I then re-added a single group, and I would get the permission problems again.

To see if it was that last particular group..I removed the last group, and
another one further in the file.

I suspect I'm overflowing some variable or something

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.create about 200 groups
2.create a user, and make them a member of all 200 groups you created
3.create a directory writeable by one of your groups
4.try to create a file
	

Actual Results:  You get a permission denied

Expected Results:  Should be able to create the file.

Additional info:

I'm running the ext3 filesystem.

Comment 1 Nalin Dahyabhai 2001-11-13 20:45:30 UTC
This looks like a kernel limit (usually set to 32 or so).  Arjan, any way to
work around this without rebuilding the kernel?

Comment 2 Uriah Welcome 2002-04-12 16:50:55 UTC
This is accually a libc thing iirc.  You can just use the 'chgrp' command to
change your primary group and it'll work fine.

Comment 3 J. Lucha 2002-04-12 21:14:19 UTC
Just doing a 'chgrp' doesn't help from samba, which is why I need it to actually
work correctly.

I just used the described technique to verify that the problem wasn't samba's.

Comment 4 Alan Cox 2003-06-07 18:24:56 UTC
We don't plan to address this limitation. There has been some 2,5 discussion
about it and the general opinion is not to do so. In paticular things like NFS
have this limit built into the protocol