| View previous topic :: View next topic |
| Author |
Message |
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
 Posted: Thu Sep 14, 2017 9:51 am Post subject: [SOLVED] How to clean up /etc/group? |
 |
|
Just realized my /etc/group and /etc/group- is full of entries from programs unmerged long time ago.
Is there a tool for checking which entries are still needed?
Last edited by charles17 on Thu Sep 14, 2017 3:50 pm; edited 1 time in total |
|
| Back to top |
|
 |
chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
|
| Posted: Thu Sep 14, 2017 11:17 am Post subject: |
|
|
You could check what groups are there without corresponding users which might narrow things down a bit.
Something like the below script may help.
| Code: | #!/bin/bash
cat /etc/group | grep -v "sys" | grep -v "tty" | grep -v "disk" | grep -v "mem" | grep -v "kmem" | grep -v "wheel" | grep -v "floppy" | grep -v "console" | grep -v "audio" | grep -v "cdrom" | grep -v "tape" | grep -v "video" | grep -v "cdrw" | grep -v "usb" | grep -v "users" | grep -v "utmp" | grep -v "nogroup" | awk -F ':' '{print$1}' | while read LINE;
do
GROUP=$( cat /etc/passwd | awk -F ':' '{print$1}' | grep "$LINE" | wc -l )
if [ "$GROUP" -eq 0 ];
then
echo "No user for group \"$LINE\""
fi
done |
|
|
| Back to top |
|
|
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
| Posted: Thu Sep 14, 2017 12:09 pm Post subject: |
|
|
I'll simplify the usage of grep like: | Code: | #!/bin/bash
cat /etc/group | grep -vE 'sys|tty|disk|mem|kmem|wheel|floppy|console|audio|cdrom|tape|video|cdrw|usb|users|utmp|nogroup' | awk -F ':' '{print$1}' | while read LINE;
do
GROUP=$( cat /etc/passwd | awk -F ':' '{print$1}' | grep "$LINE" | wc -l )
if [ "$GROUP" -eq 0 ];
then
echo "No user for group \"$LINE\""
fi
done |
And it works. Result is: | Code: | No user for group "dialout"
No user for group "nofiles"
No user for group "plugdev"
No user for group "lpadmin"
No user for group "ssmtp"
No user for group "realtime"
No user for group "pulse-access"
No user for group "openct"
No user for group "lock"
No user for group "netdev"
No user for group "scanner"
No user for group "input"
No user for group "vlock" |
Some of them are in my own user: | groups | xargs -n 1: | wheel
uucp
audio
cdrom
dialout
video
games
cdrw
usb
users
portage
vlock
scanner
charies17
plugdev |
So how to find out for which program a group or a user has been created? |
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30888
Location: here
|
| Posted: Thu Sep 14, 2017 12:26 pm Post subject: |
|
|
| charles17 wrote: | | So how to find out for which program a group or a user has been created? |
You can search in ebuild
| Code: | | grep -r "enewgroup <group_name_you_want_search>" /usr/portage/* --include=*.ebuild |
a problem is that sometimes group name have ${PN} variable
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
| Posted: Thu Sep 14, 2017 1:34 pm Post subject: |
|
|
With your help I could finally groupdel / userdel some outdated entries from /etc/group
Remaining question: | Code: | bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root,adm |
adm and daemon, couldn't find them in the ebuilds. What could they be good for? |
|
| Back to top |
|
|
chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
|
|
| Back to top |
|
|
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
| Posted: Thu Sep 14, 2017 3:50 pm Post subject: |
|
|
| Thanks for the link. As in so many cases, Arch has good information. |
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Thu Sep 14, 2017 4:00 pm Post subject: |
|
|
| Quote: | | As in so many cases, Arch has good information. |
Gentoo once had excellent documentation as well... One day, everything was destroyed - and we never fully recovered from that incident. |
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Thu Sep 14, 2017 4:31 pm Post subject: |
|
|
Below is the contents of /etc/group from stage 3 tarball. I would hesitate to delete any of those groups.
| Code: | root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root
news:x:13:news
uucp:x:14:uucp
console:x:17:
audio:x:18:
cdrom:x:19:
dialout:x:20:
tape:x:26:root
video:x:27:root
cdrw:x:80:
usb:x:85:
input:x:97:
users:x:100:
portage:x:250:portage
utmp:x:406:
nogroup:x:65533:
nobody:x:65534:
sshd:x:22:
man:x:15:
|
|
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21602
|
| Posted: Fri Sep 15, 2017 1:47 am Post subject: |
|
|
| charles17 wrote: | | I'll simplify the usage of grep like: |
I'll simplify it further. 
| Code: | #!/bin/bash
gawk -F: '! /sys|tty|disk|mem|kmem|wheel|floppy|console|audio|cdrom|tape|video|cdrw|usb|users|utmp|nogroup/ {print $1}' < /etc/group | while read LINE;
do
gawk -F: -v "LINE=$LINE" -v r=1 '$1 == LINE {r=0} END {exit r}'
if [[ $? -eq 1 ]];
# ... rest unchanged
|
This improves upon the original script in the following ways:- No more Useless Use Of Cat.
- No need to use a separate grep to filter fields that will also be run through a gawk.
- No sensitivity to names with special characters (which should not apply here, but it's good practice to avoid the problem).
|
|
| Back to top |
|
|
|
Networking & Security
