What is the limitation on number of users per group in Red Hat Enterprise Linux?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 6
  • Package: setup

Issue

  • Is there a limit on the maximum number of users per group on a RHEL system?
  • Is there a limit on the number of characters on any line in /etc/group?

Resolution

  • By default, there is no limit to the number of members that can be included in a group within the /etc/group file. When a configured maximum is reached, a new group entry (line) is started with the same name, same password and same GID.

  • The man page for groupadd documents the MAX_MEMBERS_PER_GROUP parameter, which can be set in the /etc/login.defs file. The default value for this setting is 0, which means that no limit is applied per group entry within /etc/group:

MAX_MEMBERS_PER_GROUP (number)

Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID).
The default value is 0, meaning that there are no limits in the number of members in a group.
This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters.
If you need to enforce such limit, you can use 25.
Note: split groups may not be supported by all tools (even in the Shadow toolsuite). You should not use this variable unless you really need it.

  • The MAX_MEMBERS_PER_GROUP parameter is strictly a limit of the /etc/group file and its associated libraries. However, underlying limits are imposed by the choice of storage mechanism for groups and these would need to be taken into consideration individually. For example, using something like LDAP as the back-end would allow for larger group memberships.

  • It is also important to consider how larger numbers of users within a given group could affect tools that attempt to perform operations on all members of that group. In general, most tools are only concerned with the requesting user and the groups that particular user is a member of. However, certain other tools (for example, some backup utilities and the like) can perform wholesale group actions. We recommend testing these tools within your environment to confirm that they operate at the desired scale of users. The other class of tool that might have issues is the more primitive user and group administration tools that are not designed for such scale. This is why it might be more appropriate to implement something such as an LDAP back-end and to use the associated enterprise-class tools for administration. One example of this is IPA.
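
Because split groups may not be understood by every tool, a membership review that reads only the first matching line of /etc/group can miss members. The following is an added example, not Red Hat's or the shadow-utils project's code: it merges split entries and flags lines longer than 1024 characters or over a chosen member limit. The function name, finding labels and sample data are assumptions made for illustration.

```python
from collections import defaultdict

NIS_LINE_LIMIT = 1024  # line length the man page cites for NIS groups

# Constructed sample in /etc/group format (name:password:GID:member,member).
# "devs" is split over two lines, as happens when MAX_MEMBERS_PER_GROUP is set.
SAMPLE_GROUP = """\
root:x:0:
devs:x:1001:alice,bob
devs:x:1001:carol,dave
ops:x:1002:erin
ops:x:1003:frank
"""

def audit_group_file(text, max_members=0, line_limit=NIS_LINE_LIMIT):
    """Return (groups, findings); groups merges members across split lines."""
    entries = defaultdict(list)   # name -> [(password, gid, members), ...]
    findings = []                 # (kind, group name or line ref, detail)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:
            findings.append(("malformed", f"line {lineno}", line[:40]))
            continue
        name, password, gid, member_field = fields
        members = [m for m in member_field.split(",") if m]
        if len(line) > line_limit:
            findings.append(("long_line", name, f"line {lineno}: {len(line)} chars"))
        if max_members and len(members) > max_members:  # 0 means no limit
            findings.append(("over_max_members", name, f"line {lineno}: {len(members)}"))
        entries[name].append((password, gid, members))

    groups = {}
    for name, rows in entries.items():
        groups[name] = sorted({m for _, _, ms in rows for m in ms})
        if len(rows) > 1:
            # A split group repeats the same password and GID on every line.
            if len({(p, g) for p, g, _ in rows}) > 1:
                findings.append(("inconsistent_split", name, "password/GID differ"))
            else:
                findings.append(("split_group", name, f"{len(rows)} lines"))
    return groups, findings

if __name__ == "__main__":
    merged, report = audit_group_file(SAMPLE_GROUP, max_members=25)
    for finding in report:
        print(*finding)
```

On a live system, pass the contents of /etc/group as the text argument; an "inconsistent_split" finding means that lines sharing a group name do not share the same password and GID, so they are not a valid split group.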

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
