Primary and Supplementary Group Memberships

Hearn, Stan J. stan.hearn at nscorp.com
Wed Oct 1 19:59:20 UTC 2008


Quoting "Barry Brimer"
>Have you tried "getent group groupname"? 

No I haven't until now.  That's exactly what I need.  

I just need an equivalent for Solaris and AIX in our environment or I'll
just use my custom script.

Thanks,
Stan

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com
[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Barry
Brimer
Sent: Wednesday, October 01, 2008 3:12 PM
To: redhat-sysadmin-list at redhat.com
Subject: RE: Primary and Supplementary Group Memberships

Have you tried "getent group groupname"?

Quoting "Hearn, Stan J." <stan.hearn at nscorp.com>:

> Tim,
>
> Thank you for your reply.
>
> >> I have a
> >> script that will generate a new report based on the /etc/group file with
> >> supplementary members and primary members from the /etc/passwd file.
> >> I'm wanting to use that when we need "everything in place" for some
> >> reason.
>
> >What's wrong with the "groups" command or getgroups(3)/getgrouplist(3)?
>
> groups gives me the group memberships of a user.  I want user
> memberships per group.
>
> I could not find a command that would give me all members (primary and
> supplementary) of a specific group.
> Is there one?  I couldn't find one, so I wrote my own.
>
> For example.
> # members bin
> root bin daemon
> #
>
> You have given me great ideas that will hopefully allow me to squash
> this effort.  Also I didn't know that I could have multiple lines in
> /etc/group.  That's good to know.
>
> I'm finding it hard to defend since Redhat and possibly other distros
> populate /etc/group with primary members with system accounts.
>
> Thanks,
> Stan
>
>
>
> -----Original Message-----
> From: redhat-sysadmin-list-bounces at redhat.com
> [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Tim Mooney
> Sent: Wednesday, October 01, 2008 2:04 PM
> To: redhat-sysadmin-list at redhat.com
> Subject: Re: Primary and Supplementary Group Memberships
>
> In regard to: Primary and Supplementary Group Memberships, Hearn, Stan
> J....:
>
> > I'm under the impression that if an account has a primary group it
> > doesn't need to be (or shouldn't be) listed in /etc/group as a member.
>
> I just had this conversation with a new sysadmin here.  You are
> definitely
> correct that you do not need to list someone in /etc/group in the case
> of
> their primary group.  You *could*, but you don't need to.
>
> There are also good reasons not to.  Line length in /etc/group being
> one.
> If you have a box with e.g. 10,000 users and most of them have the same
> default group, if you explicitly list each account on the line in
> /etc/group, you're eventually going to exceed a length limit for the
> line.
> Then, to get around that, you would need to list the same group multiple
> times, e.g.
>
> faculty:x:3200:usera,userb,userc,userd,...
> faculty:x:3200:user1001,user1002,user1003
>
> etc.
>
> I would expect there will be a slight performance penalty for listing
> all your users in /etc/group too.  nscd caching will negate some of
> that,
> but why pay the penalty in the first place, especially for a file that
> gets read a LOT?
>
> Linux doesn't have this problem, but at least on some UNIX platforms,
> if someone is listed on their primary group line in /etc/group, then
> the "groups" command would return a particular group twice -- once
> from /etc/passwd and once from /etc/group.
>
> > I have some admins that want to put everyone in the /etc/group file.
> > That way you'll have all group memberships in one place.
>
> You're trading one problem for another.  Now you have a group
> synchronization issue.  You'll have to take precautions to make certain
> that you keep the primary group from /etc/passwd in synch with the
> /etc/group file.
>
> >  I have a
> > script that will generate a new report based on the /etc/group file with
> > supplementary members and primary members from the /etc/passwd file.
> > I'm wanting to use that when we need "everything in place" for some
> > reason.
>
> What's wrong with the "groups" command or getgroups(3)/getgrouplist(3)?
>
> > I've always been under the impression that populating /etc/group with
> > primary members is not desired.
>
> I would certainly agree with that.
>
> > Why does RHEL out of the box, do this with system accounts?
>
> That's a good question.  I don't know.
>
> Tim
> --
> Tim Mooney
> Tim.Mooney at ndsu.edu
> Enterprise Computing & Infrastructure                  701-231-1076
> (Voice)
> Room 242-J6, IACC Building                             701-231-8541
> (Fax)
> North Dakota State University, Fargo, ND 58105-5164
>
> --
> redhat-sysadmin-list mailing list
> redhat-sysadmin-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
>
>


