SLES MAX_MEMBERS_PER_GROUP

Hi,

 I am attempting to configure a SLES 11.1 server to allow 1000's of users in a group without exceeding the maximum character limit per group line in  /etc/group.  Under openSuSE 13.1 I can set the variable MAX_MEMBERS_PER_GROUP in /etc/login.defs to any number I need and usermod will create a new line in /etc/group with the same group name and gid to allow the addition of more group members.  But my investigation of SLES 11.1 SP 3 does not honor that setting.  Does anyone have insight into how to accomplish the same end goal under SLES 11.1?

 Thank you!

Lee Fellows

Hello Lee,

this is something that might go deep down into the mechanics of the various libraries - are you in a position to open a service request (IOW, have standard or priority support) so that some SUSE engineer with access to code internals may give you an answer?

One possible reason is mentioned in the login.defs man page (on systems supporting MAX_MEMBERS_PER_GROUP):

Such inconsistencies don’t provide stable production environments, so if this was left out on purpose, this may have contributed to the decision. (Please note: I don’t know if this functionality is available in SLES11SP1 and/or later, but hidden - I’m just speculating on why it might have been left out.)

Regards,
Jens

Hi Jens,

 Thank you!  I had seen that disclaimer and understand your point.  Our problem is that we may well need to accommodate 1000's of group members in one group while working around the hard limit on group line size.  It seems our only option then is the old school technique of duplicating the target group name and gid in the group file and slightly modifying the group name with each new line.  Our preference would be to use system tools to manage this.  Am I missing something?

Lee

Hi Lee,

It seems our only option then is the old school technique of duplicating the target group name and gid in the group file and slightly modifying the group name with each new line.

how about using a different back-end, like LDAP, to store the data? Every tool should be prepared to get data from there via the standard APIs and there are no file, who’s line length limits might be in the way…

Regards,
Jens