LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-08-2013, 12:47 AM   #1
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Rep: Reputation: 59
User is a Part of a Group But Group Details Do Not Show the User


Hi,

In the following output you can see the the user "richard" is a member on the team/group "developers":

Code:
[root@devapp ~]# id  richard
uid=10247(richard) gid=100361(developers) groups=100361(developers),10053(testers)
but in the following details of the said group (developers), the said user (richard) is not found:

Code:
[root@devapp ~]# getent group developers
developers:*:100361:jack,philip,russel
[root@devapp ~]#
How comes it?


Please Note:
  1. This is a Red Hat EL box and we use Windows AD accounts for log-ins on this Red Hat server; and this particular user is not able log in to the server.
  2. The details of the other group "testers" show that the user "richard" is on the list.
 
Old 08-08-2013, 02:27 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392
If I look at the above output (id richard) I notice that developers is the primary group for richard. This is not reflected as such in the /etc/group file. The getent group group_name command uses /etc/group as input and looks at the entries after the last colon.

developers being the primary group for richard, the name richard will not appear after the last colon and thus will not be shown.
Code:
developers:x:100361:user2,user4     # richards primary group
testers:x:10053:richard,user2,user3,user4   # (one of) richards extra groups
The bold parts is what getent group <name> looks at.

Not sure why it is implemented this way, but this is how getent works.

BTW: This is not RHEL and/or AD specific.
 
Old 08-08-2013, 03:47 AM   #3
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Original Poster
Rep: Reputation: 59
The user's home directory is present and it has correct permissions. The account is an old one. Still, the user "richard" is not able to log-in to the server.
 
Old 08-08-2013, 03:54 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392
Quote:
Originally Posted by devUnix View Post
The user's home directory is present and it has correct permissions. The account is an old one. Still, the user "richard" is not able to log-in to the server.
This has nothing to do with the original question about getent/"missing" group.

About the new question: Not much to go on.
- Any messages when trying to log in?
- You mention AD, is richard present?
- Is this account locked/expired?
- Any clues in the logs (both locally and AD)?
 
Old 08-08-2013, 05:30 AM   #5
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Original Poster
Rep: Reputation: 59
Quote:
Originally Posted by druuna View Post
This has nothing to do with the original question about getent/"missing" group.

About the new question: Not much to go on.
- Any messages when trying to log in?
- You mention AD, is richard present?
- Is this account locked/expired?
- Any clues in the logs (both locally and AD)?

On the linux Server, I do not see the user's account status:

Code:
# passwd -S richard
Unknown user.
Do I have to reach out to the Windows / AD team?
 
Old 08-08-2013, 05:52 AM   #6
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392Reputation: 2392
Quote:
Originally Posted by devUnix View Post
On the linux Server, I do not see the user's account status:

Code:
# passwd -S richard
Unknown user.
Does this user have an actual account on that box? (as root: grep richard /etc/{passwd,shadow})

Quote:
Do I have to reach out to the Windows / AD team?
Doesn't hurt to check if all is in order at their side of things.
 
Old 08-08-2013, 07:02 AM   #7
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Original Poster
Rep: Reputation: 59
Quote:
Originally Posted by druuna View Post
Does this user have an actual account on that box? (as root: grep richard /etc/{passwd,shadow})
No. It is not a local user. LDAP is in place. Hence all the users are accessing the server using their Windows Active Directory accounts/credentials.

Hence, the passwd and the shadow files would not show any entries for the user(s).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing Group user to anther group vidyasagar6 Linux - Server 2 12-04-2012 07:06 PM
[SOLVED] user removed from one group can still get that group's permission LanFan.BlueSailor Linux - Security 11 08-23-2012 12:32 AM
Group permissions: user can't access 770 directory even though a member of group jm34003 Linux - Security 13 05-16-2012 02:03 PM
How to list group members and show user id and full name bsalamon Linux - Newbie 1 12-16-2011 12:29 PM
User or Group Creation Details valen_tino Red Hat 1 06-12-2009 10:23 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration