Tech Info 166: Maximum number of groups membership per user

HELIOS Tech Info #166

Wed, 3 Dec 2014

Maximum number of groups membership per user

HELIOS products do not have a direct limit of the number of groups a user can be member of but are restricted by the limits of the underlying server operating system.

Known operating system limits are:

OS version    default max    increased max
Solaris 8-11   16 32   1024 since
Solaris 10 8/11, 11.1
AIX 5.3-7   128 128   2048 since
AIX 7.1
Linux 2.6 and higher   65536 65536    
OS X 10.6-10.12   16 16    
Windows Server 2008-2012   1024 1024    

On UNIX systems you can use the following command line to query the current limit:

# getconf NGROUPS_MAX

How to change the number of groups:


Solaris:

edit “/etc/system” and add or change the line:

ngroups_max = VALUE

AIX:

# chdev -l sys0 -a ngroups_allowed=VALUE

sys0 changed

Thereafter a reboot is required for the change to become effective.

If you are using HELIOS services with AD/PDC authentication and your server operating system does not support a sufficient number of groups per user, see the HELIOS Base UB64 User manual, chapter “10.1.8 AD/PDC users/groups” for options that allow you to limit the number of PDC groups for PDC users with access to the HELIOS server.

If you are using HELIOS volumes on NFS imported file systems, and your users belong to more than 16 groups, check with your NFS server supplier for its exact limits, e.g. whether only 16 groups are honored or whether the NFS server has an option to resolve groups of a user name himself, against the name server.

If the HELIOS server itself is the NFS server, e.g. for NFS clients doing a backup with “dt sync”, you also must verify the NFS servers group membership limits.