Why is max groups set so low (16)?

Bruce Evans bde at zeta.org.au
Sat Nov 29 18:00:37 PST 2003

On Sun, 30 Nov 2003, Samy Al Bahra wrote:

> On Wed, 26 Nov 2003 13:37:15 +1100 (EST)
> Bruce Evans <bde at zeta.org.au> wrote:
> > The binary compatibility problems seem to be small.  libc doesn't have
> > any references at all to NGROUPS_MAX except in man pages, but that is
> > partly because it mostly misspells NGROUPS_MAX as NGROUPS.
> This isn't a misspelling, param.h defines the following:
> #define NGROUPS         NGROUPS_MAX     /* max number groups */

I mean that it is an archaice spelling.  It is the BSD spelling of
NGROUPS_MAX so it should not be used in any code written since the
latter was standardized 15 years ago.

> > getgroups(2) and setgroups(2) are limited by whatever the kernel
> > wants, not by their API, although their documentation says that there
> > is a compile-time limit
> setgroups does not allow a user to be in a a greater number of groups
> than NGROUPS. It references this macro directly, meaning, it is a
> compile-time limit.
> Could you elaborate on what you mean exactly by "whatever the kernel
> wants"?

setgroups() is in the kernel, so it can easily be compiled using a
different value of setgroups().  Applications just need to pass a
gidset array with all the groups that they want and it will work
provided the kernel supports that many.  OTOH, a bad API that required
setgroups() to pass a (pointer to a) gidset array of precisely NGROUPS_MAX
elements would not work.  Similarly for getgroups().  It returns the
number of groups that there are, so applications can use dynamic
allocation to make the array large enough.  However, the guarantee that
the number is <= NGROUPS_MAX encourages applications to used fixed-size


More information about the freebsd-standards mailing list