Solved

ps showing user id not username

Posted on 2006-11-21
10
2,561 Views
Last Modified: 2009-08-06
Hi,

I'm having this really odd problem with the test cluster (Ubuntu/Dapper + heartbeat 2.0.7) that I'm currently setting up.

I think the following summises it nicely:-

# id hacluster
uid=105(hacluster) gid=111(haclient) groups=111(haclient)

# grep hacluster /etc/passwd
hacluster:x:105:111:Heartbeat System Account,,,:/usr/lib/heartbeat:/bin/false

# grep hacluster /etc/shadow
hacluster:<snip - was valid hash!>:13412:0:99999:7:::

# ps -ef | grep heart
root      4767     1  0 13:51 ?        00:00:00 heartbeat: master control process
root      4804  4767  0 13:51 ?        00:00:00 heartbeat: FIFO reader      
root      4805  4767  0 13:51 ?        00:00:00 heartbeat: write: bcast eth1
root      4806  4767  0 13:51 ?        00:00:00 heartbeat: read: bcast eth1
105       4849  4767  0 13:55 ?        00:00:00 /usr/lib/heartbeat/ccm
105       4850  4767  0 13:55 ?        00:00:13 /usr/lib/heartbeat/cib
nobody    4851  4767  0 13:55 ?        00:00:00 /usr/lib/heartbeat/lrmd
root      4852  4767  0 13:55 ?        00:00:00 /usr/lib/heartbeat/stonithd
105       4853  4767  0 13:55 ?        00:00:00 /usr/lib/heartbeat/attrd
105       4854  4767  0 13:55 ?        00:00:00 /usr/lib/heartbeat/crmd
root      4855  4767  0 13:55 ?        00:00:01 /usr/lib/heartbeat/mgmtd -v
105       4856  4767  0 13:55 ?        00:00:00 /usr/lib/heartbeat/pingd -h 192.168.100.1 -m 100 -d 5s

As you can see 'ps -ef' isn't showing hacluster but instead is showing the uid of 105.

Also worth noting is that heartbeat is telling these processes to run as "hacluster" so it's getting that bit right, it's almost as if it can't reverse lookup the userid but I'm just guessing now!

Any ideas are most appreciated...
0
Comment
Question by:kennym141282
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Expert Comment

by:ircpamanager
ID: 17988004
maybe a shot in the dark here, is there a user and group named hacluster?
0
 
LVL 7

Expert Comment

by:killbrad
ID: 17988698
Remove the following two lines from your /etc/nscd.conf file:

enable-cache passwd no
enable-cache group no

Then restart the nscd service.
0
 

Author Comment

by:kennym141282
ID: 17993943
# apt-cache policy nscd
nscd:
  Installed: (none)
  Candidate: 2.3.6-0ubuntu20
  Version table:
     2.3.6-0ubuntu20 0
        500 http://gb.archive.ubuntu.com dapper/universe Packages


nscd isn't installed...

and...

# grep hacluster /etc/group
#

It's really puzzling!
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 5

Expert Comment

by:ircpamanager
ID: 17995633
what if   cat /etc/passwd | grep -i 105
0
 
LVL 8

Expert Comment

by:John Kawakami
ID: 18000689
Sources are here:
http://procps.cvs.sourceforge.net/procps/

It uses getpwuid(uid) to get the name.  So, the issue is down in that library.

Here's one version of that source:
getpwuid.c - http://www.google.com/codesearch?hl=en&q=+getpwuid+show:GCao5GWOX6Y:j2b_exIQ6aE:1sGKCqgnoog&sa=N&cd=3&ct=rc&cs_p=http://gentoo.osuosl.org/distfiles/Dev86src-0.16.17.tar.gz&cs_f=dev86-0.16.17/libc/getent/getpwuid.c#a0
__getwpent.c - http://www.google.com/codesearch?hl=en&q=show:von9tHYpwHY:j2b_exIQ6aE:stycz_AjqEA&sa=N&ct=rd&cs_p=http://gentoo.osuosl.org/distfiles/Dev86src-0.16.17.tar.gz&cs_f=dev86-0.16.17/libc/getent/__getpwent.c

Possible reasons:
The line in passwd may be malformed.

Maybe you're not  using that version of getpwuid above.  Are you on an LDAP based network?  Then you might be using different libraries, and the libraries aren't reading /etc/passwd.
0
 

Author Comment

by:kennym141282
ID: 18003637
I am on an LDAP based network, but, nsswitch.conf shows the following:-

passwd:         files ldap
group:          files ldap
shadow:         files ldap
0
 
LVL 1

Accepted Solution

by:
TraskAdam earned 350 total points
ID: 18025159
I think it's because the hacluster is longer than 8 chars so ps shows the uid rather than truncating the username.

[root@localhost /root]# useradd -c '8 Chars' abcdefgh
[root@localhost /root]# useradd -c '9 Chars' abcdefghi
[root@localhost /root]# grep ^abc /etc/passwd
abcdefgh:x:502:502:8 Chars:/home/abcdefgh:/bin/bash
abcdefghi:x:503:503:9 Chars:/home/abcdefghi:/bin/bash
[root@localhost /root]# su - abcdefghi -s /bin/bash -c '(sleep 10m &)'
[root@localhost /root]# su - abcdefgh -s /bin/bash -c '(sleep 10m &)'
[root@localhost /root]# ps -ef | grep sleep
503      11019     1  0 13:15 ?        00:00:00 sleep 10m
abcdefgh 11060     1  0 13:15 ?        00:00:00 sleep 10m
root     11074 10562  0 13:15 pts/7    00:00:00 grep sleep
[root@localhost /root]#

You can explicitly specify the format you want ps to use to overcome this....

[root@localhost /root]# ps -eo user=WIDE-USER-COLUMN -o pid,ppid,c,stime,tty,time,cmd | grep sleep
abcdefghi        12009     1  0 13:27 ?        00:00:00 sleep 10m
abcdefgh         12050     1  0 13:27 ?        00:00:00 sleep 10m
root             12057 10562  0 13:27 pts/7    00:00:00 grep sleep
[root@localhost /root]#



0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question