On 09/07/2024 05:22, Otto Kekäläinen wrote:
While rare, it is possible for a user to be a member in more groups than what the system limit allows (on Linux typically NGROUPS_MAX=65536) and if that is the case, running `id` or `id user` will not print all of them. This is a minor bug, but easily fixable by emitting a warning if it happens. --- src/id.c | 7 +++++++ 1 file changed, 7 insertions(+)diff --git a/src/id.c b/src/id.c index 38d5517bd..c572b2d99 100644 --- a/src/id.c +++ b/src/id.c @@ -401,6 +401,13 @@ print_full_info (char const *username) ok &= false; return; } + else if (sysconf(_SC_NGROUPS_MAX) > 0 && n_groups > sysconf(_SC_NGROUPS_MAX)) + { + fprintf (stderr, + _("Warning: User '%s' may be member of more groups than "\ + "the system allows\n"), + (username != NULL) ? username : ""); + }if (n_groups > 0)fputs (_(" groups="), stdout);
I'm a bit confused with this patch. If the n_groups is larger than NGROUPS_MAX what consequence will it have? I.e. is there any point to id(1) warning about this edge case? id will be able to show all of the n_groups in this case right? I interpret NGROUPS_MAX as a static limit(ation), which more dynamic interfaces (like getgrouplist) are not constrained to. cheers, Pádraig
