PDA

View Full Version : Changes in /etc/group not recognised



Walter S
06-Sep-2011, 13:36
Hi,
if I change an entry in /etc/group by simply editing the file the
changes won't get recognised. Is there any way to make the system
recognise the changes?
Changing groups with usermod -[R|A], works as expected, where is the
difference to a simple edit?
I just want to do a simple file synchronisation between machines.

System is SLES 11 (2.6.32.27-0.2 x86_64)

Cheers,

Walter


--
Walter_S
------------------------------------------------------------------------
Walter_S's Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=444246

malcolmlewis
06-Sep-2011, 13:53
On Tue, 06 Sep 2011 12:36:02 GMT
Walter S <Walter_S@no-mx.forums.novell.com> wrote:

>
> Hi,
> if I change an entry in /etc/group by simply editing the file the
> changes won't get recognised. Is there any way to make the system
> recognise the changes?
> Changing groups with usermod -[R|A], works as expected, where is the
> difference to a simple edit?
> I just want to do a simple file synchronisation between machines.
>
> System is SLES 11 (2.6.32.27-0.2 x86_64)
>
> Cheers,
>
> Walter
>
>
Hi
If you use YaST instead, that will run the necessary routines to sync;


yast users


--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 12:28, 3 users, load average: 0.10, 0.07, 0.06
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

Walter S
06-Sep-2011, 16:16
malcolmlewis;2134744 Wrote:
> On Tue, 06 Sep 2011 12:36:02 GMT
> Walter S <Walter_S@no-mx.forums.novell.com> wrote:
>
> >
> > Hi,
> > if I change an entry in /etc/group by simply editing the file the
> > changes won't get recognised. Is there any way to make the system
> > recognise the changes?
> > Changing groups with usermod -[R|A], works as expected, where is the
> > difference to a simple edit?
> > I just want to do a simple file synchronisation between machines.
> >
> > System is SLES 11 (2.6.32.27-0.2 x86_64)
> >
> > Cheers,
> >
> > Walter
> >
> >
> Hi
> If you use YaST instead, that will run the necessary routines to sync;
> >
Code:
--------------------
> >
> yast users
>
--------------------
> >
>
> Hi Malcolm,
> I'm sorry, but this is not helpful. How would using yast2 be a
> solution for a (automated) synchronisation between machines? As I
> wrote in my OP I don't have a problem with changing users' groups
> (it's faster and easier with usermod, BTW), it is just that SLES is
> behaving strangely and I am searching for a solution or explanation to
> that.
>
> Cheers,
>
> Walter
>
>
> P.S.
> yast2 is incredibly slow. Just listing users >
Code:
--------------------
> > yast2 --ncurses users list
--------------------
> > takes more than a second, whereas >
Code:
--------------------
> > awk -F: '$3 >= 1000 && $3 <= 6000' /etc/passwd
--------------------
> > takes 0.001 seconds. Even a more universal >
Code:
--------------------
> > GID_MIN=$(awk '/^[:blank:]*GID_MIN/ {print $NF}' /etc/login.defs);\
> GID_MAX=$(awk '/^[:blank:]*GID_MAX/ {print $NF}' /etc/login.defs);\
> awk -F: '$3 >= '"$GID_MIN"' && $3 <= '"$GID_MAX"'' /etc/passwd
--------------------
> > would take only 0.007 seconds. Try this in a landscape with 100+
> machines on every machine and you'll see what I mean.
> W.


--
Walter_S
------------------------------------------------------------------------
Walter_S's Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=444246

malcolmlewis
06-Sep-2011, 18:16
On Tue, 06 Sep 2011 15:16:02 GMT
Walter S <Walter_S@no-mx.forums.novell.com> wrote:

>
> malcolmlewis;2134744 Wrote:
> > On Tue, 06 Sep 2011 12:36:02 GMT
> > Walter S <Walter_S@no-mx.forums.novell.com> wrote:
> >
> > >
> > > Hi,
> > > if I change an entry in /etc/group by simply editing the file the
> > > changes won't get recognised. Is there any way to make the system
> > > recognise the changes?
> > > Changing groups with usermod -[R|A], works as expected, where is
> > > the difference to a simple edit?
> > > I just want to do a simple file synchronisation between machines.
> > >
> > > System is SLES 11 (2.6.32.27-0.2 x86_64)
> > >
> > > Cheers,
> > >
> > > Walter
> > >
> > >
> > Hi
> > If you use YaST instead, that will run the necessary routines to
> > sync;
> > >
> Code:
> --------------------
> > >
> > yast users
> >
> --------------------
> > >
> >
> > Hi Malcolm,
> > I'm sorry, but this is not helpful. How would using yast2 be a
> > solution for a (automated) synchronisation between machines? As I
> > wrote in my OP I don't have a problem with changing users' groups
> > (it's faster and easier with usermod, BTW), it is just that SLES is
> > behaving strangely and I am searching for a solution or explanation
> > to that.
> >
> > Cheers,
> >
> > Walter
> >
> >
> > P.S.
> > yast2 is incredibly slow. Just listing users >
> Code:
> --------------------
> > > yast2 --ncurses users list
> --------------------
> > > takes more than a second, whereas >
> Code:
> --------------------
> > > awk -F: '$3 >= 1000 && $3 <= 6000' /etc/passwd
> --------------------
> > > takes 0.001 seconds. Even a more universal >
> Code:
> --------------------
> > > GID_MIN=$(awk '/^[:blank:]*GID_MIN/ {print
> > > $NF}' /etc/login.defs);\
> > GID_MAX=$(awk '/^[:blank:]*GID_MAX/ {print
> > $NF}' /etc/login.defs);\ awk -F: '$3 >= '"$GID_MIN"' && $3 <=
> > '"$GID_MAX"'' /etc/passwd
> --------------------
> > > would take only 0.007 seconds. Try this in a landscape with 100+
> > machines on every machine and you'll see what I mean.
> > W.
>
>
Hi
If you look at the man page for groups;


BUGS
As the 4.2BSD initgroups(3) man page says: No-one seems to
keep /etc/group up-to-date.

What if you use vigr and grpck commands, they may cause an update, but
have a feeling your hitting the above bug.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 16:47, 6 users, load average: 0.09, 0.13, 0.14
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

Walter S
07-Sep-2011, 07:56
malcolmlewis;2134863 Wrote:
> On Tue, 06 Sep 2011 15:16:02 GMT
> [...]
> Hi
> If you look at the man page for groups;
> >
Code:
--------------------
> >
> BUGS
> As the 4.2BSD initgroups(3) man page says: No-one seems to
> keep /etc/group up-to-date.
>
--------------------
> >
> What if you use vigr and grpck commands, they may cause an update,
> but
> have a feeling your hitting the above bug.
>
Alas, nether grpck or vigroup has any effect on a user's group
membership.
But I've just found the culprit: it's nscd, the name service cache
daemon. Even when restarted after changes in /etc/group it will restore
the previous state.
Changing

Code:
--------------------
enable-cache group yes
--------------------

to

Code:
--------------------
enable-cache group no
--------------------

in /etc/nscd.conf and restarting nscd solved my problem.
So I've only to roll out the changed configuration and restart nscd on
all machines and my synchronisation goes as planned. :)
Thanks for your time,

Walter


--
Walter_S
------------------------------------------------------------------------
Walter_S's Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=444246

jmozdzen
09-Sep-2011, 15:06
Hi Walter,

instead of disabling caching completely, you might just tell nscd to
reload the groups... unless you have other reasons to disable nscd,
too.

:~ # nscd --help




Usage: nscd [OPTION...]




Name Service Cache Daemon.









-d, --debug Do not fork and display messages on the
current



tty




-f, --config-file=NAME Read configuration data from NAME




-g, --statistics Print current configuration statistics




*-i, --invalidate=TABLE Invalidate the specified cache*




-K, --shutdown Shut the server down




-t, --nthreads=NUMBER Start NUMBER threads




-?, --help Give this help list




--usage Give a short usage message




-V, --version Print program version









Mandatory or optional arguments to long options are also mandatory or
optional



for any corresponding short options.

Regards,
Jens


--
from the times when today's "old school" was "new school" :eek:
------------------------------------------------------------------------
jmozdzen's Profile: http://forums.novell.com/member.php?userid=32246
View this thread: http://forums.novell.com/showthread.php?t=444246

Walter S
12-Sep-2011, 07:56
jmozdzen;2135943 Wrote:
> Hi Walter,
> instead of disabling caching completely, you might just tell nscd to
> reload the groups... unless you have other reasons to disable nscd,
> too.
> [...]

As I said, simply restarting/reloading nscd won't help. And as I see no
advantage in credential caching in our current environment it's more
convenient for me to disable it.

Cheers,

Walter


--
Walter_S
------------------------------------------------------------------------
Walter_S's Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=444246