Re: getgroup invalid argument in /var/adm/messages

From: Ramin Dousti (ramin_at_cannon.eng.us.uu.net)
Date: 07/23/03

  • Next message: Ben Lindstrom: "Re: getgroup invalid argument in /var/adm/messages" 
    Date: Wed, 23 Jul 2003 15:59:00 -0400
To: "Schubert, John [NTWK SVCS]" <jschub01@sprintspectrum.com>

    On Wed, Jul 23, 2003 at 01:20:34PM -0500, Schubert, John [NTWK SVCS] wrote:

    > Heh, caught again by the RTFM monster. :) I didn't think to read the man getgroups.
    > I grep'd the config files, and then ultimately out of desperation the whole ssh and sshd directories for a setting. Where exactly would I find the argument for NGROUPS_MAX? (I used 'grep -i group' and didn't find any references to groups).
    >
    > Not to split hairs, but my "man getgroups" states that SETGROUP (not GETgroup) will fail when NGROUPS > NGROUPS_MAX. GETGROUP fails when "the value of gidsetsize is non-zero and less than the number of supplementary GIDs set for the calling process".
    >
    > To ask the next logical question: Where is the NGROUPS_MAX set and the number of groups the calling process is a member of? I'm a relative newby to programming, but would the calling process group list be found with as simple of a command as "groups root", since SSHd is called by root by /etc/rc2.d/S77sshd ??
    >

    As another poster said, this is a #define statement in one of the header
    files:

    # grep NGROUPS_MAX /usr/include/*
    /usr/include/limits.h:#define NGROUPS_MAX 16 /* max number of groups for a user */

    And the question still remains, does sshd belong to many groups on your system?

    Ramin

    > I appreciate your help.
    > John
    >
    >
    >
    > -----Original Message-----
    > From: Ramin Dousti [mailto:ramin@cannon.eng.us.uu.net]
    > Sent: Wednesday, July 23, 2003 12:48 PM
    > To: Schubert, John [NTWK SVCS]
    > Cc: secureshell@securityfocus.com
    > Subject: Re: getgroup invalid argument in /var/adm/messages
    >
    >
    > It looks like the message is coming from:
    >
    > uidswap.c line 70:
    >
    > saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
    > if (saved_egroupslen < 0)
    > fatal("getgroups: %.100s", strerror(errno));
    >
    >
    > >From the man pages on getgrroups:
    >
    > ...
    > getgroups() will fail if:
    >
    > EINVAL The value of gidsetsize is non-zero and less
    > than the number of supplementary group IDs
    > set for the calling process.
    > ...
    >
    > It means that the calling process (sshd) belongs to more groups
    > than NGROUPS_MAX is defined for. Is that the case?
    >
    >
    > Ramin
    >
    >
    >
    > On Wed, Jul 23, 2003 at 10:55:43AM -0500, Schubert, John [NTWK SVCS] wrote:
    >
    > > Hello,
    > > I have an error message popping up in the /var/adm/messages file for sshd that reads:
    > > Jul 19 04:31:35 omp sshd[21167]: [ID 800047 auth.crit] fatal: getgroups: Invalid
    > > argument
    > > Jul 19 05:33:19 omp sshd[15334]: [ID 800047 auth.crit] fatal: getgroups: Invalid
    > > argument
    > > and continues to repeat with irregularity. I have searched through the Man pages for SSH, SSHd, performed a Google search on the context of the error, and searched the list archives here. I also looked through the sshd_config file for anything out of the ordinary, and it looked ok. I have about 350 machines running SSHd, and I checked a handful of the others and they did not have the errors listed above.
    > > Any ideas on what is happening or where I can look? SSHd is running and allowing people to log in. This is OpenSSH_3.2.3 (p1) installed on a Sun Netra T1120 server running Solaris 8.
    > > Thanks,
    > > John

  • Next message: Ben Lindstrom: "Re: getgroup invalid argument in /var/adm/messages"