LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 04-04-2012, 07:15 PM   #1
padeen
Member
 
Registered: Sep 2009
Location: Perth, W.A.
Distribution: Slackware 14, Debian 7, FreeBSD, OpenBSD
Posts: 172

Rep: Reputation: 34
Disparity between `groups` and /etc/group


There is a discrepancy between supplementary groups given via `groups` (or `id -Gn` which is equivalent according to the info file) and the contents of /etc/group, and by extension the contents of /etc/gshadow. There are several of my supplementary groups in which I do not appear in /etc/group.

Where does `groups` get its information from?

Taking a guess, I suspect that adding supplementary groups via usermod -aG does not correctly update /etc/groups.

I discovered this when trying to find out why sound in a script would not work when run via the "at" daemon. Running the script directly would play the sound fine. It turned out that, notwithstanding anything `groups` would tell me, I was not listed as a member of audio in /etc/group. Adding myself to audio via gpasswd added me to audio in /etc/group and had the side effect of also updating /etc/gshadow.
 
Old 04-04-2012, 07:32 PM   #2
lyle_s
Member
 
Registered: Jul 2003
Distribution: Slackware
Posts: 388

Rep: Reputation: 52
Have a look in /etc/login.defs; there's a list of groups and a good explanation there.

Lyle.
 
1 members found this post helpful.
Old 04-05-2012, 06:38 AM   #3
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 2,993

Rep: Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737
Something you ought to know is, from the manual page for gpasswd,
Quote:
Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.
Basically, you don't want to fiddle with group passwords 'cause you can create a mess without really trying.

The "better" way to add a group to a given user account is the usermod utility (and you need to be careful with it, too:
Code:
usermod -a -G group[,group,group,group] userid
is the proper syntax to use to append group(s) to a userid.

There really isn't a good reason to use group passwords in virtually all normal operations; for what it's worth, I've never, in over 30 years of working with Unix/Linux systems, needed to use group passwords (been there, did that, didn't like it, undid it and stopped doing again).

In a normal (whatever normal may be) Slackware installation a user would need to be in these groups:
Code:
groups
users lp floppy dialout audio video cdrom plugdev power usbfs netdev scanner vboxusers cvs
In the above, scanner, vboxusers and cvs are added for (1) an all-in-one printer, (2) VirtualBox and (3) CVS. Other than those, this list should be complete. There would be added with
Code:
usermod -a -G scanner,vboxusers,cvs userid
Hope this helps some.

Last edited by tronayne; 04-05-2012 at 06:41 AM.
 
Old 04-05-2012, 08:35 PM   #4
padeen
Member
 
Registered: Sep 2009
Location: Perth, W.A.
Distribution: Slackware 14, Debian 7, FreeBSD, OpenBSD
Posts: 172

Original Poster
Rep: Reputation: 34
Thanks for the comment. I'm not using gpasswd to set up group passwords, just to add a user to a group. The Linux man page for gpasswd almost implies that setting a password is only a supplementary feature of gpasswd, the way I read it anyway.

I did discover vigr from reading login.defs, which I had not heard of before.

It seems to me that the implementation of logins.defs is broken if a user's sub-shells don't inherit the user's full set of supplementary groups including those in login.defs.

I wrote a blog post about my trouble with sound in the sub-shell created by "at". It was caused by the sub-shell's user not being a member of audio group.

Last edited by padeen; 04-05-2012 at 08:44 PM.
 
Old 04-06-2012, 03:39 AM   #5
GazL
Senior Member
 
Registered: May 2008
Posts: 3,312

Rep: Reputation: Disabled
If you add your users in the recommended way with the adduser script (not useradd) then it'll add all the appropriate groups for audio and suchlike for you (you have to press up-arrow at the appropriate point. It's mentioned in the on-screen instructions, but people tend to skip-read and miss it.

I tend to agree that the CONSOLE_GROUPS option in login.defs is probably only confusing matters and has little if any value these days. I wouldn't go so far as to say it's broken though.


BTW, the -a (append) option on usermod was only added on a recentish version of pkg-shadow so on older versions of Slackware you had to use "gpasswd -a" to add users to additional groups. Despite what tronayne said above, there's nothing wrong with using gpasswd for this, and I still believe it's the safer way to do this than usermod. I also disagree with his warning about group passwords, When used in the appropriate situation I see no problem with them. The warning on the man-page is simply the usual one about the weaknesses inherent in any shared-password scheme.

Last edited by GazL; 04-06-2012 at 03:54 AM.
 
1 members found this post helpful.
  


Reply

Tags
groups


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Groups members of a group Evstrati Linux - Newbie 1 11-25-2010 06:22 PM
Get group name from GID without parsing /etc/groups (Linux) EmrldDrgn Programming 3 09-14-2010 02:05 AM
invalid group id redhat linux as 5 - all groups in group file are invalid groups nlong1 Red Hat 1 02-15-2009 03:43 AM
Group of Groups ziox Linux - General 5 05-04-2007 09:28 AM
Supplementary groups ? and group? what is the difference? funnyusa Linux - Newbie 3 06-29-2003 03:16 PM


All times are GMT -5. The time now is 07:24 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration