Subject: Re: possible problem in getgrouplist (#groups > NGROUPS_MAX)
To: Tim Bandy <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 04/30/2002 14:53:04
On Tue, 30 Apr 2002, Tim Bandy wrote:
> I created a test account, and added that test account to more than
> NGROUPS_MAX groups, which is 16. This seems to cause initgroups to
> return -1, which causes problems for (at least) both sshd and
> telnetd. Is this intended behavior? If not, I believe that I have
> found (at least part of) the problem in getgrouplist.c, and can
Not sure, but it actually doesn't sound like that bad a behavior. As
counter-intuitive as that may sound, what else should we do if someone is
in more than NGROUPS_MAX groups? Just pick a random 16 of them? By
returning -1, we indicate that there's a (big) problem.
We probably should document this behavior though.