seppelrockt Guru
Joined: 14 May 2004 Posts: 423
|
Posted: Thu Aug 10, 2006 12:07 pm Post subject: Managing /etc/group file - what are these groups for? |
|
|
I am about to add some users to my parents' office box and do some "maintenance" while I am at it. I realized that I pretty much lost control over the /etc/groups file. Now I try to comment and sort it a little so that I can deal with it a little easier in the future. The main problem is that I don't know what some groups are for and for some others I don't know whether it is safe to delete them (or comment them out) ...
Here is the current "work in progress" state:
Code: |
#******************************************************#
# This file controls group memberships for grinningcat #
#******************************************************#
#SYNTAX: group name:password(optional):group ID:members (optional)
#### UNIX standard groups (Don't touch them) ###
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
mem::8:
kmem::9:
mail::12:mail
news::13:news
uucp::14:uucp
man::15:man
console::17:
nofiles:x:200:
nogroup::65533:
nobody::65534:
### Hardware related groups ###
disk::6:root,adm,haldaemon
lp::7:lp
floppy::11:root,haldaemon
audio::18:gentoo
cdrom::19:gentoo,haldaemon
video::27:root
cdrw::80:haldaemon
usb::85:gentoo,haldaemon
haldaemon:x:411:haldaemon
plugdev:x:412:haldaemon
### Application or service related groups ###
portage::250:portage
sshd:x:22:
games:x:409:gentoo
locate:x:407:
# CUPS administration / web interface
lpadmin:x:106:
### Currently not in use? ###
#tape::26:root
#dialout::20:root
#cron:x:16:
### Users groups ###
wheel::10:root,gentoo
users::100:games,gentoo
seppel:x:1000:
# UNKNOWN / need evaluation
rpc:x:111:
#partimag:x:91:
gdm:x:408:
#postgres::70:
nut::84:
postfix:x:207:
postdrop:x:208:
smmsp:x:209:smmsp
messagebus:x:410:
utmp:x:406:
|
Can somebody tell me what the groups I listed in UNKNOWN are for? Can I safely delete groups that belong to apps I have not installed (like postfix, gdm...)? What about the hardware related groups TAPE and DIALOUT? I use neither tape devices nor dialout connections, so can I delete them? |
|
chrismortimore l33t
Joined: 03 Dec 2005 Posts: 721 Location: Edinburgh, UK
|
Posted: Thu Aug 10, 2006 1:04 pm Post subject: |
|
|
If the app or device isn't present, the group is unused and therefore pruneable.
_________________
Desktop: AMD Athlon64 3800+ Venice Core, 2GB PC3200, 2x160GB 7200rpm Maxtor DiamondMax 10, 2x320GB WD 7200rpm Caviar RE, Nvidia 6600GT 256MB
Laptop: Intel Pentium M, 512MB PC2700, 60GB 5400rpm IBM TravelStar, Nvidia 5200Go 64MB |
|
seppelrockt Guru
Joined: 14 May 2004 Posts: 423
|
Posted: Thu Aug 10, 2006 1:49 pm Post subject: |
|
|
OK then my next question would be, how can I check if something in my file system belongs to a certain group? Or whether a certain ebuild installed wants me to set a group (e.g. like with games)?
It is so hard to get information about the details, e.g. what does the group "video" do? |
|
chrismortimore l33t
Joined: 03 Dec 2005 Posts: 721 Location: Edinburgh, UK
|
Posted: Thu Aug 10, 2006 2:01 pm Post subject: |
|
|
A kinda long winded way of doing it, but
Code: | find / -type f -exec ls -l {} \; | awk '{print $4}' |
(as root) will print the group of each file. If you run:
Code: | find / -type f -exec ls -l {} \; | awk '{print $4}' | sort | uniq |
(again as root), you should get a list of all groups in use. But it might take a while. |
|
dusik Tux's lil' helper
Joined: 04 Jan 2005 Posts: 129 Location: Durham, NC, USA
|
Posted: Fri Aug 11, 2006 3:08 am Post subject: |
|
|
find / -type f -group groupname |
|
troymc Guru
Joined: 22 Mar 2006 Posts: 553
|
Posted: Fri Aug 11, 2006 4:03 am Post subject: |
|
|
dusik wrote: | find / -type f -group groupname |
Drop the -type f. You don't want to limit the search to just regular files, otherwise you'll miss devices, links, directories, etc.
So, how about:
Code: |
find / -group $GROUP -ls
|
troymc |
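The ownership check from the posts above, extended into a per-group audit. This is an added example, not code from any poster in the thread; it goes beyond `find -group` by also checking member lists and primary GIDs in a passwd file. The function names `audit_groups` and `demo` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: say why each group is still needed.
# audit_groups GROUP_FILE PASSWD_FILE ROOT
#   prints "name:in-use:<reasons>" or "name:candidate" per group entry
audit_groups() {
    group_file=$1; passwd_file=$2; root=$3
    # Skip the comment and blank lines used in the annotated file.
    grep -v -e '^#' -e '^[[:space:]]*$' "$group_file" |
    while IFS=: read -r name _pw gid members; do
        reasons=
        # 1. Supplementary members listed in the fourth field.
        [ -n "$members" ] && reasons="$reasons members"
        # 2. Primary group of an account (fourth field of passwd).
        if awk -F: -v g="$gid" '$4 == g { hit = 1 } END { exit !hit }' \
            "$passwd_file"; then
            reasons="$reasons primary"
        fi
        # 3. Owns anything under ROOT (files, dirs, devices, links).
        #    -xdev stays on one filesystem; repeat per mount point.
        if [ -n "$(find "$root" -xdev -group "$gid" -print 2>/dev/null |
                   head -n 1)" ]; then
            reasons="$reasons files"
        fi
        if [ -n "$reasons" ]; then
            echo "$name:in-use:${reasons# }"
        else
            echo "$name:candidate"
        fi
    done
}

# Constructed sample data, so the demo never touches the real /etc.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/owned"
    # GID the sample file actually received, read back via ls -n.
    g=$(ls -ldn "$tmp/owned" | awk '{ print $4 }')
    printf '%s\n' '# constructed sample' "wheel::$((g + 1)):root,gentoo" \
        "seppel:x:$((g + 2)):" "games:x:$g:" "postgres::$((g + 3)):" \
        > "$tmp/group"
    printf 'seppel:x:1000:%s:constructed:/home/seppel:/bin/sh\n' \
        "$((g + 2))" > "$tmp/passwd"
    audit_groups "$tmp/group" "$tmp/passwd" "$tmp"
    rm -rf "$tmp"
}

demo
```

After a group has been removed, `find / -xdev -nogroup` lists anything left with a GID that no longer resolves. Such files would end up belonging to whatever group is later created with that number, so re-own or delete them before the GID is reused.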
|
Headrush Watchman
Joined: 06 Nov 2003 Posts: 5597 Location: Bizarro World
|
Posted: Fri Aug 11, 2006 4:33 am Post subject: |
|
|
chrismortimore wrote: | If the app or device isn't present, the group is unused and therefore pruneable. |
I would advise against this. Removing a group that may appear unused now, might cause issues for you later.
(Example: cron appears empty. You remove and later try to implement some user level cron jobs -> won't work.)
Why the need to "manage" the /etc/groups file anyways? The list is relatively small anyways and the unused entries aren't adversely affecting performance. |
|
seppelrockt Guru
Joined: 14 May 2004 Posts: 423
|
Posted: Fri Aug 11, 2006 10:35 pm Post subject: |
|
|
Headrush wrote: | chrismortimore wrote: | If the app or device isn't present, the group is unused and therefore pruneable. |
I would advise against this. Removing a group that may appear unused now, might cause issues for you later.
(Example: cron appears empty. You remove and later try to implement some user level cron jobs -> won't work.)
Why the need to "manage" the /etc/groups file anyways? The list is relatively small anyways and the unused entries aren't adversely affecting performance. |
Yes you are right - I decided to leave most (even empty) groups intact. The only groups I wiped out were from apps I had installed once and then deleted. The cron group e.g. is quite a standard group on UNIX anyway (see the low GID). So better don't touch this. I checked some ebuilds and found that they are creating appropriate groups when they are emerged, so deleting these groups once the app is not installed anymore shouldn't be a problem.
Interesting thing I found out: Gentoo < 2006.0 release seemed to have a strange group handling by ebuilds - they created groups like games with GIDs in the range of 1000 - that's where "real users" GIDs usually are. On a box that was installed from 2006.0 live CD this is fixed to GIDs in the 400 range. |
|