Cleaning up groups


A while ago, we got a note from Lyn saying that he had detected some inconsistencies in the groups on Puma and Tempest, and he claimed responsibility for some of them:

On tempest, the last few entries of /etc/group are:
efusco:x:5450:
stapsys:x:157:
events:x:5451:
cs110s12:x:5452:
mensam:x:5453:
mokeefe2:x:5454:
xlu2:x:5455:
cs304s11:x:5456:
mseger:x:5457:
cs342pri:x:5458:cs342,fturbak
cs342stu:x:5459:cs342,fturbak,gdome
cs342web:x:5460:cs342,apache,fturbak

On puma they're
efusco:x:5450:
efusco:x:5450:
events:x:5451:
appinv-stats:x:5452:
cs117:x:5125:
cs110s12:x:5452:
mensam:x:5453:
mokeefe2:x:5454:
xlu2:x:5455:
cs304s11:x:5456:
mseger:x:5457:

I'm at fault for some of these. I added appinv-stats on puma near the end of 
July (didn't know it was supposed to be added on tempest).

Today, I added the new cs342 groups to tempest, but they didn't propagate to puma. 
The fact that appinv-stats and cs110s12 share the same group ID is gonna cause problems. 
Sorry, my bad. 

Okay, we have several issues here, so let’s see what they are:

  • The /etc/group files on Puma and Tempest are going to differ in some of their system entries, at least until we get these more in sync.
  • LDAP needs to be updated as well.
  • We need to renumber the group for cs110s12, but that won’t be too hard.
  • We should take this opportunity to clean things up a bit.

I used the “grpck” command on Tempest to clean the /etc/group file up a bit. It detected some duplicate lines and some missing accounts (e.g. cwhitetake is not a valid account, but she was listed in the accounts for cs235stu):

cs235stu:x:4012:adaigle,atang,choover,clui,cs235,cvaldes,cwhitetake,fturbak,gdome,gwunnava,kneugent,mmiranda,rshull,sfinn,shamilto,skim17,ustutsma,aahiable,cboes,dbullist,kchadha,lchoe,tfeng,mferreir,ggoodwin,cgrote,jhan,lhelm,dkim5,mligon,lrigge,lristovs,asandu,mvasek,evuksani,hwang2,swu

Before letting grpck remove duplicate lines, I wanted to see what they were, so I used the following command:

[root@puma ~] cut -d: -f1 /etc/group | sort | uniq -d
bin
disk
efusco
news
quaggavty
slocate
tomcat

Is there any disagreement or are these perfect duplicates?

[root@puma ~] sort /etc/group | uniq -d
bin:x:1:daemon,root
disk:x:6:root,
efusco:x:5450:
news:x:13:
quaggavty:x:103:
slocate:x:21:
tomcat:x:102:

Having satisfied myself that it’s okay, I run “grpck”:

[root@puma ~] grpck 
duplicate group entry
delete line 'bin:x:1:daemon,root'? y
duplicate group entry
delete line 'bin:x:1:daemon,root'? y
duplicate group entry
delete line 'disk:x:6:root'? y
duplicate group entry
delete line 'disk:x:6:root,'? y
duplicate group entry
delete line 'news:x:13:'? y
duplicate group entry
delete line 'slocate:x:21:'? y
duplicate group entry
delete line 'tomcat:x:102:'? y
duplicate group entry
delete line 'quaggavty:x:103:'? y
group faculty: no user emustafa
delete member 'emustafa'? y
group cs235stu: no user cwhitetake
delete member 'cwhitetake'? y
duplicate group entry
delete line 'efusco:x:5450:'? y
invalid group file entry
delete line ''? y
grpck: the files have been updated
[root@puma ~]

Now, let’s compare the /etc/group on the two machines.

[root@puma ~] sort -n -t: -k3 /etc/group > /etc/group.sorted
[root@puma ~] sort -n -t: -k3 /etc/group.tempest > /etc/group.sorted.tempest
[root@puma ~] diff /etc/group.sorted /etc/group.sorted.tempest 
2c2
< bin:x:1:daemon,root
---
> bin:x:1:root,bin,daemon
7c7
< disk:x:6:root,
---
> disk:x:6:root
12c12,13
< mail:x:12:mail
---
> cdrom:x:11:
> mail:x:12:mail,postfix
16a18
> dialout:x:18:
21d22
< squid:x:23:
26a28
> tape:x:33:
28c30
< rpm:x:37:
---
> kvm:x:36:qemu
29a32
> video:x:39:
32d34
< xfs:x:43:
39,41c41,42
< audio:x:63:gdm
< webalizer:x:67:
< haldaemon:x:68:
---
> audio:x:63:
> haldaemon:x:68:haldaemon
43a45
> tcpdump:x:72:
45c47,48
< pcap:x:77:
---
> radvd:x:75:
> saslauth:x:76:
47,48c50,52
< sabayon:x:86:
< distcache:x:94:
---
> postfix:x:89:
> postdrop:x:90:
> hsqldb:x:96:
53,55c57,58
< stapdev:x:104:
< stapusr:x:105:
< avahi-autoipd:x:106:
---
> qemu:x:107:
> usbmuxd:x:113:
57c60,74
< nagios:x:399:
---
> stapsys:x:157:
> avahi-autoipd:x:170:
> abrt:x:173:
> mongod:x:489:
> fuse:x:490:
> stapusr:x:491:
> stapdev:x:492:
> pulse-access:x:493:
> pulse:x:494:
> cgred:x:495:
> qpidd:x:496:
> rtkit:x:497:
> desktop_user_r:x:498:
> desktop_admin_r:x:499:
> admin:x:500:
1686d1702
< appinv-stats:x:5452:
1692a1709,1711
> cs342pri:x:5458:cs342,fturbak
> cs342stu:x:5459:cs342,fturbak,gdome
> cs342web:x:5460:cs342,apache,fturbak
[root@puma ~]

For now, I’m going to ignore the minor differences, though it would be nice for them to be entirely eliminated. But what happened to cs110s12?

[root@puma ~] grep cs110s12 /etc/group.sorted 
cs110s12:x:5452:
[root@puma ~] grep cs110s12 /etc/group.sorted.tempest 
cs110s12:x:5452:
[root@puma ~]

Oh, since it’s in both, it doesn’t show up in the diff. The appinv-stats group is *extra*. We could re-number it, but we’d have to worry about files whose GID needs to be changed, and I don’t know where all those files are. We could find them like this:

[root@tempest ~]# find / -gid 5452 -ls

But that will take *forever*.  In this case, we’re lucky that we know the cs110s12 group is only in /home/cs110s12, so we can renumber those files and folders.  I have a script for this in /root/ldapscripts/user-renumber

In the future, I think we need a wrapper around groupadd on Tempest to migrate the new groups to LDAP and to puma. For now, I think we’ll use the /root/ldapscripts/ldap-resolve-differences.pl script.

Sigh. Still lots of differences, many of which are spurious.  We might replace the original files with numerically sorted ones.

About CS SysAdmins

The CS Department System Administrators