
user to a single group - Linux / Unix Administration


  1. #1

    user to a single group

    Hey all,

    Am I correct in seeing that a user can only be added to any one group at
    a time? Anyone know of a really good in-depth source for this?

    Wizumwalt@gmail.com Guest

  2. #2

    Re: user to a single group


    com wrote: 

    A user can belong to many groups simultaneously.

    On some Unix systems, a user can only be /active/ in one group at a time, and
    can switch groups on the fly using commands. Of course, the user can only switch
    between groups that s/he already belongs to.

    On other Unix systems (I believe, most every recent Unix since BSD) a user can
    both belong to many groups simultaneously, and be active in many groups
    simultaneously.
     

    The Posix/Single Unix Specification standards? http://www.opengroup.org/


    --
    Lew Pitcher
    IT Specialist, Enterprise Data Systems,
    Enterprise Technology Solutions, TD Bank Financial Group

    (Opinions expressed are my own, not my employers')
    Lew Guest

  3. #3

    Re: user to a single group

    On 13 Feb 2006 09:35:34 -0800, com <com> wrote: 

    Nope. They can have only one primary GID (the one in their passwd file
    entry) but they can be in as many groups as you want them to.
     

    See above. It's wrong, so while you may be able to find plenty of
    sources, they'd be wrong too.

    Dave Guest

  4. #4

    Re: user to a single group

    com wrote: 

    No. It is trivial to add a user to many groups at the same time.
     

    man 4 group

    Doug Guest

  5. #5

    Re: user to a single group

    2006-02-13, 18:42(+00), Dave Hinz: 
    >
    > Nope. They can have only one primary GID (the one in their passwd file
    > entry) but they can be in as many groups as you want them to.
    [...]

    Well, most systems have a limit on this. And NFS might impose a
    stricter one. I've encountered 16, 32 and 65536 so far.

    --
    Stéphane
    Stephane Guest

  6. #6

    Re: user to a single group

    On Mon, 13 Feb 2006 19:19:05 +0000, Stephane CHAZELAS <invalid> wrote: 
     

    OK, I'll modify my statement to say that they can be in as many groups
    as it is logical to need them in. If you exceed your OS's limitation,
    you're over-fragmenting your permissions structure.

    Where did you see a 16 or 32 group limit, by the way?

    Dave Guest

  7. #7

    Re: user to a single group

    2006-02-13, 19:38(+00), Dave Hinz: 
    >
    > OK, I'll modify my statement to say that they can be in as many groups
    > as it is logical to need them in. If you exceed your OS's limitation,
    > you're over-fragmenting your permissions structure.
    >
    > Where did you see a 16 or 32 group limit, by the way?

    16 on Solaris 7. 32 is returned by glibc 2.3.2 getconf
    NGROUPS_MAX on one Linux system, here, but it doesn't match the
    kernel limit (65536 as per /proc/sys/kernel/ngroups_max).

    I don't know what the NFS limit is, but I would expect it
    to be rather low given that the group list must be passed in
    most requests.

    --
    Stéphane
    Stephane Guest

  8. #8

    Re: user to a single group

    In article <net>,
    Dave Hinz <net> wrote:
     
    >
    > OK, I'll modify my statement to say that they can be in as many groups
    > as it is logical to need them in. If you exceed your OS's limitation,
    > you're over-fragmenting your permissions structure.
    >
    > Where did you see a 16 or 32 group limit, by the way?

    Solaris has this limit. If you have NFS, there's a hard limit of 16
    groups. If you don't use NFS, you can go to 32. Solaris doesn't
    support users being a member of more than 32 groups. If you need to
    have access to more than that, use file ACLs.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    Michael Guest
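
An added example, not part of any post in this thread: a shell audit that counts each account's supplementary groups from passwd/group-format files and lists the accounts above a given limit, using the 16-group NFS figure quoted above. The function names and the sample accounts (alice, bob, proj01..proj17) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose supplementary group count exceeds a limit.
# Function names and sample accounts are constructed for illustration.

# Print "user count" per passwd entry. count = distinct GIDs the user is
# listed under in the group file, excluding the primary GID from passwd.
# Members that have no entry in the passwd file are skipped.
supp_group_counts() {  # $1 = passwd-format file, $2 = group-format file
    awk -F: '
        NR == FNR { primary[$1] = $4; next }    # first file: user -> primary GID
        {
            n = split($4, members, ",")         # group file: name:pw:gid:members
            for (i = 1; i <= n; i++) {
                u = members[i]
                if (u == "" || !(u in primary)) continue
                if ($3 == primary[u]) continue  # primary GID is not supplementary
                if (!seen[u, $3]++) count[u]++  # count each GID once per user
            }
        }
        END { for (u in primary) print u, count[u] + 0 }
    ' "$1" "$2" | sort
}

# Print the users whose supplementary group count is above the limit.
users_over_limit() {  # $1 = passwd file, $2 = group file, $3 = limit
    supp_group_counts "$1" "$2" | awk -v max="$3" '$2 + 0 > max + 0 { print $1 }'
}

# Write constructed sample files: alice is in 17 project groups, bob in 3.
make_sample() {  # $1 = directory to write passwd and group into
    printf '%s\n' 'alice:x:1001:100::/home/alice:/bin/sh' \
                  'bob:x:1002:100::/home/bob:/bin/sh' > "$1/passwd"
    printf 'users:x:100:alice,bob\n' > "$1/group"
    i=1
    while [ "$i" -le 17 ]; do
        if [ "$i" -le 3 ]; then m='alice,bob'; else m='alice'; fi
        printf 'proj%02d:x:%d:%s\n' "$i" $((2000 + i)) "$m" >> "$1/group"
        i=$((i + 1))
    done
}

tmp=$(mktemp -d)
make_sample "$tmp"
supp_group_counts "$tmp/passwd" "$tmp/group"
echo "over the 16-group limit: $(users_over_limit "$tmp/passwd" "$tmp/group" 16)"
rm -rf "$tmp"
```

To audit a real host, point both functions at /etc/passwd and /etc/group; accounts that exist only in a directory service are not in those files and are skipped.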

  9. #9

    Re: user to a single group

    Dave Hinz wrote: 
    >
    > OK, I'll modify my statement to say that they can be in as many groups
    > as it is logical to need them in. If you exceed your OS's limitation,
    > you're over-fragmenting your permissions structure.

    Not necessarily. For example, you might have a large organization with
    lots of groups (maybe one for each project) and an employee who has been
    at the company 10 or 20 years and has been involved in hundreds of
    projects over that time.

    - Logan
    Logan Guest

  10. #10

    Re: user to a single group

    Logan Shaw wrote:
    >
    > Not necessarily. For example, you might have a large organization with
    > lots of groups (maybe one for each project) and an employee who has been
    > at the company 10 or 20 years and has been involved in hundreds of
    > projects over that time.

    This has always been a design flaw in UNIX. While overflowing the allowed
    number of groups is *usually* the result of poor permissions design and a
    sign that you need to rethink your strategy, there are those occasional
    times when it makes perfect sense to have someone in a ton of groups.

    So which should it be - Have UNIX enforce the usual and beat exceptions
    into submission with ACLs, or fix the design flaw in the first place, end up
    supporting tons of groups, and open yourself to crappy permission
    designs? It's a religious question not a really technical one. UNIX already
    picked one side by virtue of existing so long ago 32 groups seemed
    infinite.

    ACLs beat groups for this issue anyways. Sure enough, ACLs
    originated in the various mainframe worlds (I first encountered them
    with the file ACCESS.USR on TOPS-10), filtered through other
    operating systems over the years, and have become a late addition
    to UNIX.

    Doug Guest
