groupadd, useradd, etc

Bill Gradwohl bill at ycc.com
Thu Feb 17 18:36:25 UTC 2005


Mogens Kjaer wrote:

>This is very strange.
>
>Does the start of this file look OK?
>  
>
The start looks OK on the machine that this problem first appeared on, 
and on another machine I'm using as a test box.

I've reproduced the problem on another machine and now will go back and 
isolate what in particular is causing the issue.

It appears that successive adding of users to a group causes each group 
and subsequent groups below it to grow incredibly. The gshadow file is 
full of Hex 2c characters.

Here's an xxd dump of a portion of the gshadow file.
0001130: 2c2c 2c2c 2c2c 2c2c 2c0a 6265 636b 793a  ,,,,,,,,,.becky:
0001140: 213a 3a2c 212c 2c2c 2c2c 2c21 2c2c 2c21  !::,!,,,,,,!,,,!
0001150: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001160: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001170: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001180: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001190: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00011a0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00011b0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00011c0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00011d0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00011e0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00011f0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001200: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001210: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001220: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0001230: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,

The top portion of the file looks much more reasonable, until you get to 
the first group I added - alan.
00001a0: 6d73 703a 783a 3a0a 7063 6170 3a78 3a3a  msp:x::.pcap:x::
00001b0: 0a61 7061 6368 653a 783a 3a0a 7371 7569  .apache:x::.squi
00001c0: 643a 783a 3a0a 7765 6261 6c69 7a65 723a  d:x::.webalizer:
00001d0: 783a 3a0a 7866 733a 783a 3a0a 6e74 703a  x::.xfs:x::.ntp:
00001e0: 783a 3a0a 6764 6d3a 783a 3a0a 616c 616e  x::.gdm:x::.alan
00001f0: 3a21 3a3a 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  :!::,,,,,,,,,,,,
0000200: 2c2c 212c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,!,,,,,,,,,,,,,
0000210: 2c2c 2c2c 2c2c 2c21 2c2c 2c2c 2c61 6c61  ,,,,,,,!,,,,,ala
0000220: 6e0a 616c 616e 643a 213a 3a2c 212c 2c2c  n.aland:!::,!,,,
0000230: 2c2c 2c21 2c2c 2c21 2c2c 2c2c 2c2c 2c2c  ,,,!,,,!,,,,,,,,
0000240: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0000250: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0000260: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0000270: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 0a61  ,,,,,,,,,,,,,,.a
0000280: 6c61 6e74 3a21 3a3a 2c21 2c2c 2c2c 2c2c  lant:!::,!,,,,,,
0000290: 212c 2c2c 212c 2c2c 2c2c 2c2c 2c2c 2c2c  !,,,!,,,,,,,,,,,
00002a0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00002b0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00002c0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00002d0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00002e0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
00002f0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,
0000300: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c  ,,,,,,,,,,,,,,,,

Then I added aland, followed by alant, etc. It seems like each 
user/group is taking up more and more space full of hex 2c's.

I'm adding users from a script which is creating them in alphabetical 
order. That script was created on another box where I wrote a perl 
script to analyze that machines users and groups and it wrote the bash 
script, a portion of it shown below: I need users and groups on one 
machine to be equal to them on another machine including their UID and 
GID, so the script creates things in a sequence that guarantees I get 
the UID and GID I need.

What you see here is what is actually running to cause the problem, but 
there's nothing being executed but simple commands. I'm not writing to 
any of the passwd, group, shadow, or gshadow files myself. The normal 
utilities are doing it.

#### alan
if ! userexists alan; then
   if ! gidexists 573 alan; then
      if ! groupadd -g 573 alan; then
         echo groupadd for 573 alan failed.
         exit 1
      fi
   fi
   if gidexists 573 alan; then
      if ! /usr/sbin/useradd -u 572 -g 573 -d /home/alan -s /bin/bash -c 'Alan Glubber     ' alan; then
         echo useradd for user 572 alan failed.
         exit 1
      fi
   else
      echo useradd for 572 alan not attempted due to gid non existence.
      exit 1
   fi
else
   echo LoginID alan already exists on this box. Skipping this user.
fi
if ! /usr/sbin/usermod -G sambashare,alan alan; then
   echo usermod -G sambashare,alan alan failed.
   exit 1
fi
if ! /usr/sbin/usermod -p '$1$aTDwruOO$ZTuCh9CCE9W8T1zJSlwjB.' alan; then
   echo usermod -p for alan failed.
   exit 1
fi


If you're wondering how some of the functions are written, here they are:
userexists() {
   usermod -U ${1} 2>/dev/null
   return $?
}

groupexists() {
   groupmod ${1} 2>/dev/null
   return $?
}

gidexists() {
   local groupID
   if [ $# -eq 2 ]; then
      if groupexists ${2}; then
         groupID=$(egrep "^$2:" /etc/group)
         groupID=${groupID%:*}
         groupID=${groupID##*:}
         [ "${groupID}" == "${1}" ] && return 0
         return 1
      else
         return 1
      fi
   else
      groupID=$(grep ${1} /etc/group|sed 's/^[^:]*:[^:]*://'|sed 's/:.*//'|sed "
/^${1}$/!d")
      [ "${groupID}" == "${1}" ] && return 0
      return 1
   fi
}



-- 
Bill Gradwohl
bill at ycc.com
http://www.ycc.com
spamSTOMPER Protected email




More information about the users mailing list