Removed sshusers and did: #: usermod -g client2 dummyuser And it SUCCEEDED! In useradd's man - there's something like: MAX_MEMBERS_PER_GROUP (number) "Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID). .... This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters. .... You should not use this variable unless you really need it." Guess it would be it, but I'm affraid of the last line - won't it break anything with ISPConfig or Debian? For now, I'll make a copy of sshusers group and set it to those groups, I know I need...and start adding SSH support with much more cousion (remove it from apache plugin as you said). I guess the whole thread should be reported as a useradd bug Thanks for help Till, JMB
I have no Idea if setting MAX_MEMBERS_PER_GROUP in /etc/login.defs or as -K MAX_MEMBERS_PER_GROUP=25 parameter of the useradd command has any negative consequences. ISPConfig uses only the Linux commands useradd and usermod and groupadd to modify the passwd and group file, so if these commands are able to work with split groups correctly, then it might work.
The manual says that it can break compatibility with "shadow" group of programs. No specified programs given....that's why I think it's risky, but probably worth trying. I'll stick with the "no sshusers group" solution for the production server and test the MAX_MEMBERS_PER_GROUP on test box (and report back later). Thanks, JMB