Re: Supplemental groups count in Linux

On 12/8/2024 11:06 PM, vallor wrote:

On Sun, 8 Dec 2024 19:23:50 -0500, DFS <guhnoo-basher@linux.advocaca>
wrote in <vj5daf$30up$2@dont-email.me>:
 

On 12/8/2024 12:12 AM, vallor wrote:

NGROUPS_MAX is the maximum supplemental group count for a Unix login.
>
On Linux, it is 65536.
>
But on MacOS and NetBSD, it is 16 -- which is the old standard.
>
Even worse, MacOS has all but filled the supplemental groups with
gid's for its own housekeeping:
>
$ for II in `id -G -n`; do echo $II ; done
staff
everyone
localaccounts
_appserverusr
admin
_appserveradm
_lpadmin
_appstore
_lpoperator
_developer
_analyticsusers
com.apple.access_ftp
com.apple.access_screensharing
com.apple.access_ssh
com.apple.access_remote_ae
>
$ for II in `id -G -n`; do echo $II ; done | wc -l
        15
>
What a waste of space!  On Linux:
>
$ for II in `id -G -n`; do echo $II ; done
scott
adm
cdrom
sudo
dip
plugdev
lpadmin
sambashare
wireshark
libvirt
nordvpn
>
$ for II in `id -G -n`; do echo $II ; done | wc -l
11
>
Conclusion:  Linux is a modern OS, with much more administrative
flexibility.  Complex user-sharing configurations can be set
up -- encompassing, if needed, thousands of supplemental
groups.
>
p.s. If someone could run this on Windows and report the value,
I'd much appreciate it:
>
   - - %<- cut here - %<- - -
#include <stdio.h>
#include <limits.h>
>
int main (void)
{
>
printf("%d\n",NGROUPS_MAX);
>
return 0;
}
>
   - - %<- cut here - %<- - -

>
>
D:\temp>tcc ngroups.c -o ngroups.exe
ngroups.c:6: error: 'NGROUPS_MAX' undeclared

 No POSIX for you.
 Seriously, though, try this:
 #define _POSIX_
#include <stdio.h>
#include <limits.h>
 int main (void)
{
 printf("%d\n",NGROUPS_MAX);
 return 0;
}

$ tcc ngroups.c -o ngroups.exe
In file included from ngroups.c:3:
d:/computer/apps/compilers/tcc/tcc-0.9.27/include/limits.h:105: warning: PATH_MAX redefined
$ ngroups
16
Obviously 16 isn't the max number of user groups you can create on Windows.  I can't find a max value online.  I did find that a user can be a member of a maximum of ~1015 groups.

I know the answer though, because I downloaded tcc and looked
in limits.h -- which you could have done. 

I was going to... but my balls started itching and I had to take care of that.

(But I don't think
the value in there properly reflects the system value -- couldn't
find a prototype for getgroups(3).)

Linux:
$ sudo groupadd demo
$ sudo groupdel demo
Windows:
$ sudo net localgroup demo /add
$ sudo net localgroup demo /delete
To show groups:
$ net localgroup
Aliases for \DFS-WIN11PRO
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*OpenSSH Users
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*User Mode Hardware Operators
*Users
That's 21 groups that were created automatically during install and configuration (I didn't manually create any of them).