practical limit on the number of UIDs

[Oleg Goldshmidt]

On Wed, Jun 29, 2011 at 11:20 AM, Muli Ben-Yehuda
<muli at cs.technion.ac.il> wrote:
> Is it feasible to build a contemporary Linux system with around 1
> million distinct user UIDs? Anyone tried it? We can assume only a
> relatively small subset of users will actually be logged in at once.

Formally, the kernel supports 2^32 users (since 2.6 - widening the uid
type to 32-bit was one of the changes from 2.4, but I assume you know
that better than I do :).

I assume you are more interested in the practical aspects. All the
comments regarding a DB behind authentication are very valid. Besides
that, I would expect that the real limitation will be your definition
of "a relatively small subset" of simultaneous logins.

Say you have 1M users. Do you expect a hundred being logged in at the
same time? A thousand? 10K? What will their workload be?

For each login resources are allocated. Each user will consume
threads, file descriptors, network ports, you name it. I expect you'll
hit some limits for a relatively small number of users. Especially if
you let users start multiple shell sessions that may be counted as
separate "logins".

If you decide to try an experiment you will probably need to look at
both system defaults and the default PAM configuration (the latter may
have relevant limits configured, and you may want to change them).

I would expect a beefy system with 1M distinct IDs (in a DB, etc.) and
<100 (to feel safe) concurrent users to be feasible.

An interesting variant may be a big farm of Linux machines with 1M
distinct users in a central DB and a scheme where a login process will
include an allocation of a machine and mounting the user-specific data
volumes (/home) on that machine, "on demand" (khmm... you know what I
mean).

-- 
Oleg Goldshmidt | oleg at goldshmidt.org