I added myself to one more group in /etc/group raising my total to 33 entries and found I could no longer log in via ssh. /var/log/secure reported "fatal: getgroups: Invalid argument". I removed the excess entry and tried again with "gpassword -a" and found that it silently lets me add the entry. This should issue a warning that Bad Things may happen. usermod and any other utility that touches the group file should issue a warning as well. I understand from some googling about this issue that a similar thing happens when Samba users using winbind are members of too many Windows groups. I'm not sure why this limit exists, but it appears to be a kernel build-time constraint.
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
Actual NGROUPS_MAX limit is: # cat /proc/sys/kernel/ngroups_max 65536 # grep NGROUPS_MAX /usr/include/linux/limits.h #define NGROUPS_MAX 65536 /* supplemental group IDs are available */
I'd guess this got fixed somewhere between FC2 and FC4. Apparently whatever was checking the group limit (pam_limits.so?) was looking at the constant in /usr/include/linux/limits.h instead of the kernel's runtime value. The higher limit is present in FC2's kernel, but the older limit of 32 is in FC2's header file. FC4 has 64k in the header file. So I'm guessing this might be a PAM bug within FC2. The bug may still be present but masked by the changed header file. http://mail.freestandards.org/pipermail/lsb-spec/2004-March/002609.html suggests that applications should be using sysconf(3) instead.
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks.
Fedora Core 4 is not maintained anymore. Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the current Fedora release, please reopen this bug and assign it to the corresponding Fedora version.