Solaris 11.2: No Limits
By Casper Dik-Oracle on May 02, 2014
In the past, I have increased a number of limitations in Solaris:
- In Solaris 11.0, I increased NGROUPS_MAX to 1024 (from 32); also available since Solaris 10u8.
- In Solaris 11.1, I added support for more than 16 groups for NFS AUTH_SYS authentication
- In Solaris 11.1, I changed the system calls getcwd() and realpath() to support returning pathnames longer than MAXPATHLEN (and introduced frealpath() while I was in that code)
So what did I change in Solaris 11.2? It was about time to look at the restrictions of user names and group names.
In a micro release, such as a Solaris 11 update, we cannot modify constants such as LOGNAME_MAX because of binary compatibility, we can only do that in a future minor release. However, we can modify the code that limit usernames. These are the bugs we have fixed and this shows how much work it actually was:
14933330 SUNBT4033673 getlogin causes passwd to fail if login name is longer than 8 chars
14954449 SUNBT4109819 programs inconsistently limit the size of user names
15059729 SUNBT4435330 logname(1) prints out only part of long login name
15178384 SUNBT4927530 *w* w(1) truncates usernames to 8 chars
15393621 SUNBT6551524 su truncates LOGNAME for long usernames.
15436992 SUNBT6627292 *cron* confused about username lengths
15550167 SUNBT6819489 *su* sulog source username truncated to 8 chars but not destination
15574163 SUNBT6857992 ps -u does not support usernames longer than 10 chars
15579148 SUNBT6866548 last command does not support usernames longer than 8 characters
17528753 group name handling in Solaris is a standards violation
17528788 useradd(1m) user name handling problems
17600453 bug 15226690, find with long usernames, not completely fixed
17600724 The fix for 14954449 misses some programs (in.rlogind, in.rshd. zone*, dump)
17625438 group file updates very inefficient.
17625458 pwck lives in the past
18068180 SunSSH truncates usernames/home directories with %.100s
18068355 A few programs still limit the size of user names.
18068215 passmgmt invents its own limits for the sizes of entries in /etc/passwd
In generaly, the code was changed to lift limits, but we are generally limited by the format of the utmpx file. The maximum length of a username that can be stored there, is 32 bytes. This is now a safe limit and we support user names in length upto 32 characters, despite protests from useradd(1m). getlogin() and getlogin_r() can return a string of at most 33 characters, including the final NUL character. Of course, getlogin_r() will not store past the end of the buffer given to it but it will now accept a buffer of any size. Programs changed are, among others:
- ls(1) - now a 64 bit executable
- find(1) - now a 64 bit executable
- cron(1) etc
- in.rexecd(1m), in.rshd(1m), in.rlogind(1m)
And libraries such as libsocket (remote shell/remote login/rexec protocol)
I could only wonder why so many applications cache the return value of getpwuid() and getgrgid() while doing that in a fixed sized character array.
For reasons only known in New-Jersey, we didn't allow groupnames over 8 characters while limiting the characters to lower case and digits; as there is no manifest constant defining the size of a group name, there is no problem increasing it so we currently support upto 32 characters and we now accept all portable file name characters in a group name (lower and upper case, digits, dot, hyphen and underscore as long as the name doesn't start with a hyphen. Other than programs caching the result of getpwuid(), I found no other limits on the length of a group name in our code.