Subject: Re: possible problem in getgrouplist (#groups > NGROUPS_MAX)
To: Tim Bandy <>
From: Bill Studenmund <>
List: tech-userlevel
Date: 04/30/2002 14:53:04
On Tue, 30 Apr 2002, Tim Bandy wrote:

> I created a test account, and added that test account to more than
> NGROUPS_MAX groups, which is 16.  This seems to cause initgroups to
> return -1, which causes problems for (at least) both sshd and
> telnetd.  Is this intended behavior?  If not, I believe that I have
> found (at least part of) the problem in getgrouplist.c, and can
> send-pr.

Not sure, but it actually doesn't sound like that bad a behavior. As
counter-intuitive as that may sound, what else should we do if someone is
in more than NGROUPS_MAX groups? Just pick a random 16 of them? By
returning -1, we indicate that there's a (big) problem.

We probably should document this behavior though.

Take care,