RE: getgroup invalid argument in /var/adm/messages
From: Schubert, John [NTWK SVCS] (jschub01_at_sprintspectrum.com)
Date: Wed, 23 Jul 2003 13:20:34 -0500 To: "Ramin Dousti" <email@example.com>
Heh, caught again by the RTFM monster. :) I didn't think to read the man getgroups.
I grep'd the config files, and then ultimately out of desperation the whole ssh and sshd directories for a setting. Where exactly would I find the argument for NGROUPS_MAX? (I used 'grep -i group' and didn't find any references to groups).
Not to split hairs, but my "man getgroups" states that SETGROUP (not GETgroup) will fail when NGROUPS > NGROUPS_MAX. GETGROUP fails when "the value of gidsetsize is non-zero and less than the number of supplementary GIDs set for the calling process".
To ask the next logical question: Where is the NGROUPS_MAX set and the number of groups the calling process is a member of? I'm a relative newby to programming, but would the calling process group list be found with as simple of a command as "groups root", since SSHd is called by root by /etc/rc2.d/S77sshd ??
I appreciate your help.
From: Ramin Dousti [mailto:firstname.lastname@example.org]
Sent: Wednesday, July 23, 2003 12:48 PM
To: Schubert, John [NTWK SVCS]
Subject: Re: getgroup invalid argument in /var/adm/messages
It looks like the message is coming from:
uidswap.c line 70:
saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
if (saved_egroupslen < 0)
fatal("getgroups: %.100s", strerror(errno));
From the man pages on getgrroups:
getgroups() will fail if:
EINVAL The value of gidsetsize is non-zero and less
than the number of supplementary group IDs
set for the calling process.
It means that the calling process (sshd) belongs to more groups
than NGROUPS_MAX is defined for. Is that the case?
On Wed, Jul 23, 2003 at 10:55:43AM -0500, Schubert, John [NTWK SVCS] wrote:
> I have an error message popping up in the /var/adm/messages file for sshd that reads:
> Jul 19 04:31:35 omp sshd: [ID 800047 auth.crit] fatal: getgroups: Invalid
> Jul 19 05:33:19 omp sshd: [ID 800047 auth.crit] fatal: getgroups: Invalid
> and continues to repeat with irregularity. I have searched through the Man pages for SSH, SSHd, performed a Google search on the context of the error, and searched the list archives here. I also looked through the sshd_config file for anything out of the ordinary, and it looked ok. I have about 350 machines running SSHd, and I checked a handful of the others and they did not have the errors listed above.
> Any ideas on what is happening or where I can look? SSHd is running and allowing people to log in. This is OpenSSH_3.2.3 (p1) installed on a Sun Netra T1120 server running Solaris 8.