- 论坛徽章:
- 0
|
DESCRIPTION:
By default according to the Solaris Administration Guide, Solaris OE supports 1 primary group and 16 supplementary groups. How do you increase the maximum number of groups to which a user can belong to more than 16?
SOLUTION:
The group database (NIS map or local /etc/group file) stores information about user groups, traditionally called UNIX groups. A user group is a collection of users who can share files and other system resources. For example, a set of users who are working on the same project might form a user group. Each group has a Group ID (GID), which identifies it internally to the system. A group should have a name and a list of user names.
Every user on a Solaris system belongs to at least 1 primary group and an absolute maximum of 32 secondary (supplementary) groups. By default, this supplementary group value (NGROUPS_MAX) is set at 16.
Solaris source code header file /usr/include/sys/param.h contains the following information.
/*
* These define the maximum and minimum allowable values of the
* configurable parameter NGROUPS_MAX.
*/
#define NGROUPS_UMIN 0
#define NGROUPS_UMAX 32
/*
* NGROUPS_MAX_DEFAULT: *MUST* match NGROUPS_MAX value in limits.h.
* Remember that the NFS protocol must rev. before this can be increased
*/
#define NGROUPS_MAX_DEFAULT 16
The NGROUPS_MAX value defaults to 16, and the absolute maximum is 32. The default value can be reset as follows:
Edit the /etc/system file and add the following line:
set ngroups_max = 32
Reboot the system.
Verify that NGROUPS_MAX has been set to the correct value after rebooting using the getconf command.
# getconf NGROUPS_MAX
32
Note: Do not raise the value of NGROUPS_MAX above 16 for systems that need to be NFS clients as this will break NFS authorization and those users will not be able to login because NFS internally depends on NGROUPS_MAX and is limited to only 16.
Also, while booting up, the following message is displayed on the console:
WARNING: ngroups_max of 32 > 16, NFS AUTH_SYS will not work properly
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/26090/showart_291781.html |
|
免费注册
发表于 2007-05-05 14:57