Stephen Gran on 2 Aug 2006 23:52:54 -0000



Re: [PLUG] are there any forbidden group names? or numbers?


On Wed, Aug 02, 2006 at 07:13:39PM -0400, George Gallen said:
> didn't know about getent or id.
> 
> id actually was more helpful.
> 
> as below:
> uid=500(george) gid=100 groups=100,0(root),12(mail),31(sysprog1),32(sysprog2),50
> (ftp),51(smmsp),54(lock),99(nobody),21,554,555,600

This output shows me that group numbers 100,21,554,555, and 600 have no
names (or ambiguous overlapping names) associated with them.  There is a
possibility that if you have a cranky C library, it won't display the
group name if it's greater than 8 characters, but I haven't seen that
too recently.

> I started putting my name in all the groups to find out which one it stopped at.
> Until I can come up with something, I'll put all the system groups up front, and
> leave the huge one at the end.
> 
> It seems to stop finding group names at one group name
>   one that has about 50 or 60 names in the group. All
>   separated by commas, no weird characters.

There is a limit on how many people can be members of a group, but it
shouldn't be anywhere near that low.  You can check the compile time
setting with getconf, but I can't for the life of me remember the macro
to give it.  I don't think it's NGROUPS_MAX (I think that's how many
groups a user can be a member of, not how many members can be in a
group), but maybe google will tell you.

At any rate, if it was NGROUPS_MAX, you would run 
getconf NGROUPS_MAX

Pity I really don't think that's it.

> the getent didn't show anything too different than cating

Good, that means all your groups are actually in /etc/group, and not in
NIS, LDAP, or some other odd, impossible to debug backend.

My advice, since it sounds like you've got a pretty straightforward
backend, is to just make some tools do some eyeballing for you:

awk -F: '{print $1}' /etc/group | sort | uniq -c | awk '$1 > 1 {print $2}'
awk -F: '{print $3}' /etc/group | sort | uniq -c | awk '$1 > 1 {print $2}'

Repeat for /etc/gshadow.

The first sorts on group name, and prints if it's not unique, the second
sorts on group number and prints if it's not unique.  There are more
elegant ways to write it, but the file shouldn't be so big and you
shouldn't be running it so often it really matters.  The important thing
is, if you have any output at all from those commands, you have
something to investigate.
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | In order to dial out, it is necessary   |
|  steve@lobefin.net             | to broaden one's dimension.             |
|  http://www.lobefin.net/~steve |                                         |
 --------------------------------------------------------------------------
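
Added example (not part of Stephen Gran's message): a shell version of the checks the reply describes, generalized to take any group-format file and field number (so it also covers /etc/gshadow), plus a helper that lists the GIDs id printed without a name. The function names dup_field and unnamed_gids and the sample group entries are constructed for illustration.

```sh
#!/bin/sh
# dup_field FILE N: print every value of colon-separated field N that appears
# on more than one line of FILE (N=1 is the group name, N=3 is the GID).
dup_field() {
    awk -F: -v n="$2" '
        NF { seen[$n]++ }                      # NF skips empty lines
        END { for (v in seen) if (seen[v] > 1) print v }
    ' "$1" | sort
}

# unnamed_gids "ID_OUTPUT": from one line of id output, print the group IDs
# that were shown without a "(name)" suffix, i.e. the ones that did not
# resolve to a group name.
unnamed_gids() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' |
        awk 'length($0) && index($0, "(") == 0'
}

# Constructed sample data (not from a real system): the name "staff" is used
# twice and GID 31 is shared by two names.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:root,george
mail:x:12:mail,george
sysprog1:x:31:george
sysprog2:x:31:george
staff:x:554:george
staff:x:555:george
EOF

echo "duplicate group names:"; dup_field "$sample" 1
echo "duplicate GIDs:";        dup_field "$sample" 3

# The id line quoted in the thread, joined back onto one line.
echo "GIDs without a name:"
unnamed_gids 'uid=500(george) gid=100 groups=100,0(root),12(mail),31(sysprog1),32(sysprog2),50(ftp),51(smmsp),54(lock),99(nobody),21,554,555,600'

rm -f "$sample"
```

Any output under the first two headings is something to investigate, and each GID under the third can be looked up with getent group to see why it has no name.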


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug