4

I am trying to create a NIS group with a member list that exceeds 1024 characters. Now I can't do that because the database that NIS uses restricts the value part of the key/value pair to 1024 characters.

The internet suggests that I should be able to break up the list and have sub-lists as members of the main list, but it doesn't seem to work for me.

Theoretically, I should be able to go:

group:x:999:sublist1,sublist2
sublist1:x:998:a,b,c, [...]
sublist2:x:997:m,n,o, [...]

Then make and deal with nscd caches... if I then check a user account involved:

$ id
[...]
groups=[...],998(sublist2)

Since I want to use the group group, I should be able to go:

$ newgrp group
Sorry.

...but it doesn't work.

What am I doing wrong here?

David Mackintosh
  • 14,223
  • 6
  • 46
  • 77

1 Answers1

4

I think you need to keep the GID that same for all the (sub)groups and have the real group as the first to be found e.g.

somegroup:x:999:a
somegroup1:x:999:b,c,d, [...]
somegroup2:x:999:e,f,g, [...]
user9517
  • 114,104
  • 20
  • 206
  • 289
  • You can assure that the ordering of the entries in a static file. However, NIS/YP uses a database and the order of retrieval is not guaranteed. – mdpc Oct 04 '10 at 22:56
  • @mdpc -- that would only matter if you wanted to list the members of a group. I don't want to do that, all I want is for the group members to pick up the membership -- this is a stop-gap issue -- so this might work. – David Mackintosh Oct 05 '10 at 10:51
  • If the GIDs are the same, it works. – David Mackintosh Oct 05 '10 at 19:33
  • Also would there not be a problem with the newgrp command? In that the user would have to use the name of the group where his username appears and not the "general" name? – mdpc Oct 05 '10 at 20:30
  • Yes, you do have to use newgrp somegroupN to switch groups however the system will think you're in somegroup. It is a fugly hack but it works. – user9517 Oct 05 '10 at 21:08
  • It is actually just the GID I care about. – David Mackintosh Oct 06 '10 at 17:05