• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 340
  • Last Modified:

Solaris 9 User/Group Account Misbehavior

There seems to be a special way of entering user and group accounts that makes the account and group assignments not work properly.  
acmgr::300:root
anyone::400:acctmgr
anyone:x:500:400::/export/home/anyone:/bin/csh
acctmgr:x:200:300::/usr/local_accnts:/bin/csh

The symptoms are:

-  acctmgr can not “cd / export/home/anyone” even though the permissions are 770.
-  anyone can not login to the Gnome desktop from the console login screen

Cause
I just ran into this problem again and the only unusual thing that I remember is that I had made a mistake with the group number and used a number that was already assigned to another group.  So I ran “pwconv” with two groups with the same number.  I “vi” the passwd file and corrected the group number.  Then the problem appeared (I think).

Resolution
I have tried deleting and reallocating the “/export/home/anyone” file.  Reperformed a “chown anyone:anyone /export/home/anyone” and used userdel, grouped, useradd, groupadd, usermod to remake the accounts.  This only worked sometimes!

I checked through the account definitions in passwd and group and they are correct.  The error is persistent but I don’t know where the bad information is being kept…

Has anyone run into any thing like this?

Thanks, Allan
0
huffmana
Asked:
huffmana
  • 3
1 Solution
 
huffmanaAuthor Commented:
I did a "truss cd /export/home/anyone" and the first error listed is:
open ("var/ld/ld.conf", O_RDONLY) Err #2 ENOENT
0
 
huffmanaAuthor Commented:
Sorry, truss does not seem to work for "cd" - even as root all "cd" operations fail.
$ su
# truss cd /export/home/anyone

Fails with the same "Err #2 ENOENT" error.
0
 
arthurjbCommented:
I think that you have your group and password files mixed up

I assume that the first 2 lines that you posted are from the group file and the last 2 are from the passwd file.  If my assumption is wrong then that is the cause of your problem.

Here is the way it should be setup from how I understand what you want to do;
First setup your groups in the /etc/group file
mgr::300:root,acctmgr
any::400:anyone,user1,user2,user3
users::500

This give you a mgr group, an any group, and a users group.  (I changed the names since having names real close causes humans to make mistakes. and Yes, you can have a group and a user with the same name, but that confuses even some experienced users.)

Here is an excerpt from the passwd file;
anyone:x:1100:400::/export/home/anyone:/bin/csh
acctmgr:x:1200:500::/usr/local_accnts:/bin/csh
user1:1300:1300:500::/export/home/user1:/bin/csh
user2:1400:1400:500::/export/home/user2:/bin/csh
user3:1500:1600:500::/export/home/user3:/bin/csh

If this is how you have yours setup allready, then a simple test is to "su - user1" and then do a groups command, this will show what groups the system thinks the user is a member of.


0
 
huffmanaAuthor Commented:
It turned out that the problem was with the .cshrc file.  We use "umask 117" in .cshrc and I was doing a
cp -pR anyone1 anyone2
chown anyone2:anyone2 anyone2
and it did not change to ownership of .cshrc !!!

Thanks for your help, Allan who feels a bit foolish :-/
0
 
bpeterseCommented:
You need to have your executable bit set on the directory for all users, i.e. permissions should be 775, not 770 for the /export/home/anyone directory.

BTW, Sun recommends using /usr/ucb/vipw to edit your password file - this keeps your password and shadow files consistent.

0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now