Subject: Re: problem with user in 16+ groups
To: Paul de Weerd <paul@mail.me.maar.nu>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: port-i386
Date: 10/21/2001 13:22:25
--+g7M9IMkV8truYOl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Oct 20, 2001 at 01:19:08AM +0200, Paul de Weerd wrote:
> [uid@potato] $ ssh some.server.tld
> uid@some.server.tld's password:
> Last login: Sat Oct 20 00:46:32 2001 from potato.domain.
> NetBSD 1.5.1 (Some Server config) #0: Sat Feb 30 20:15:38 CEST 2001
>=20
> unable to set user context: Invalid argument
> Connection to some.server.tld closed.

Huh. There's a long-standing (pre-Berkely/AT&T split, to my knowledge)
limit on the number of groups a user can usefully be a member of at
16. But it should just cause that user to not get the additional
groups' priveleges, not prevent his logging in. (This is just the
way things are and always have been. It's the reason, along with
large-scale development using CVS or a similar versioning system, that=20
groups are NOT a practically useful access control mechanism.)

Is it possible that your login binary, home directory, or some
security measure causes the user to get booted?

--=20
       ~ g r @ eclipsed.net

--+g7M9IMkV8truYOl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvTBFEACgkQ9ehacAz5CRoa8ACfaPiedsnW+bn3rlhiQvHxayzf
3/4AnRLkekMuzrkItxiE/2JlmpDbpPvn
=FT49
-----END PGP SIGNATURE-----

--+g7M9IMkV8truYOl--