Linux - General
This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
A normal user who has an account on a Linux (SuSE) system tries to log in to it. What happens if somehow the primary group which he/she belongs to does not exist?
Will the system allow him to get in simply because his account exists, or will it deny access?
I have tested this on a test system... I created a local user and changed his group-id to some arbitrary number in the /etc/passwd file. The system still allows him to log in without any problem, and the id command shows his primary group as this nonexistent number. So I feel the system has no problem whatsoever, regardless of whether his group-id has any meaningful association on the system. Is it really so?
Does this hold true for NIS or LDAP authentication as well?
Thanks in advance.
AFAIK the kernel and the filesystem are concerned only with UID and GID. The user and group names are for the convenience of humans. Any program that needs to show a name uses /etc/passwd or /etc/group to find out what the name is. Otherwise, it uses some substitute. For example, if your user creates files and then uses ls -l to list them, you will see the group owner given as a number.
In LFS, when you first chroot into your new system, you get the bash prompt "I have no name" because there is no /etc/fstab as yet, so bash doesn't know that user 0 should be called root. But you still have full root powers because that goes with the UID 0.
Correct: a group-id (like a user-id) is a number. If that number is not listed in /etc/groups then it will show only as a number and will not have a name.
Thanks Hazel and sundialsvcs for your replies. I agree that the system recognises user accounts by IDs and not by names. But my question was, what if that GID (group) does not exist on the system at all?
For example, for testing, if I create a group called city with gid 1011 and create a user called sam with primary group city, and then later delete that group (and its GID), will that user be able to log in, as his primary group does not exist?
It seems from my tests he was still able to log in. Of course, when he created files, they all now have 1011 as their gids. But login is permitted.
For example, for testing, if I create a group called city with gid 1011 and create a user called sam with primary group city, and then later delete that group (and its GID), will that user be able to log in, as his primary group does not exist?
No, you still don't get it. What you have deleted is the record in /etc/group that just assigned a human readable name to the GID (well, technically, /etc/group can do more, but not in this case). The home directory of sam is still owned by the GID 1011 even if it doesn't have a name now. Check it with
Code:
ls -ld ~sam
Also, if you look it up in /etc/passwd, you'll see that the primary GID of sam is still 1011:
"A group" is "a group-id." That is to say, it is a number. If you associate a name with that number you will see it listed by name. But it can actually be any number that you want. Its only purpose is with permission-checking. There is no physical or logical resource otherwise associated with "a group."
"User ids" are also numbers, but they have to appear in the (shadow ...) password table. Users also have other characteristics and resources associated with them, such as "home directories." And, a list of group-ids.
Last edited by sundialsvcs; 10-20-2021 at 01:44 PM.
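The situation discussed in this thread (an account whose primary GID has no entry in the group database) is easy to audit for. The following is an added example, not code from any poster: the function names `orphan_primary_gids` and `demo` and the sample passwd/group lines are constructed for illustration.

```shell
#!/bin/sh
# List accounts whose primary GID has no matching entry in the group file.
# Usage: orphan_primary_gids PASSWD_FILE GROUP_FILE
# Prints one "user:uid:gid" line per account with an undefined primary GID.
orphan_primary_gids() {
    awk -F: '
        # Group file (first argument to awk): remember every defined GID.
        FILENAME == ARGV[1] { if ($3 != "") known[$3] = 1; next }
        # Passwd file: skip comments, blank/short lines and NIS +/- compat lines.
        /^[#+-]/ || NF < 4 { next }
        # Field 4 is the primary GID; report it if no group entry defines it.
        !($4 in known) { print $1 ":" $3 ":" $4 }
    ' "$2" "$1"
}

# Constructed sample mirroring the thread: user sam keeps primary GID 1011
# after the group "city" (GID 1011) has been deleted from the group file.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'sam:x:1001:1011::/home/sam:/bin/bash' \
        'amy:x:1002:100::/home/amy:/bin/bash' > "$tmp/passwd"
    printf '%s\n' \
        'root:x:0:' \
        'users:x:100:' > "$tmp/group"
    orphan_primary_gids "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

On a live system, saving the output of `getent passwd` and `getent group` to two files and passing those in also covers accounts served by NIS or LDAP, provided enumeration is enabled. `find / -xdev -nogroup` lists the files left owned by such unnamed GIDs.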