Inconsistency between “/etc/passwd” and “/etc/group”
I have 2 users, each has a different primary group.
For user1, the primary group is group1 with GID 501.
For user2, the primary group is group2 with GID 502.
I edited /etc/passwd
manually so that user1 now has GID 600.
However, I forgot to create a new group with GID 600 (and I did not edit /etc/group
either).
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group
)- everything works as if such a group exists:
Examples:
1) After user1 creates a new file- test.txt
- User2 can't r/w that file.
2) When running ls -l
I can see that test.txt
belongs to GID 600.
What am I missing? Why does it work even though there's inconsistency between /etc/passwd
and /etc/group
?
Thanks.
linux redhat-enterprise-linux
add a comment |
I have 2 users, each has a different primary group.
For user1, the primary group is group1 with GID 501.
For user2, the primary group is group2 with GID 502.
I edited /etc/passwd
manually so that user1 now has GID 600.
However, I forgot to create a new group with GID 600 (and I did not edit /etc/group
either).
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group
)- everything works as if such a group exists:
Examples:
1) After user1 creates a new file- test.txt
- User2 can't r/w that file.
2) When running ls -l
I can see that test.txt
belongs to GID 600.
What am I missing? Why does it work even though there's inconsistency between /etc/passwd
and /etc/group
?
Thanks.
linux redhat-enterprise-linux
add a comment |
I have 2 users, each has a different primary group.
For user1, the primary group is group1 with GID 501.
For user2, the primary group is group2 with GID 502.
I edited /etc/passwd
manually so that user1 now has GID 600.
However, I forgot to create a new group with GID 600 (and I did not edit /etc/group
either).
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group
)- everything works as if such a group exists:
Examples:
1) After user1 creates a new file- test.txt
- User2 can't r/w that file.
2) When running ls -l
I can see that test.txt
belongs to GID 600.
What am I missing? Why does it work even though there's inconsistency between /etc/passwd
and /etc/group
?
Thanks.
linux redhat-enterprise-linux
I have 2 users, each has a different primary group.
For user1, the primary group is group1 with GID 501.
For user2, the primary group is group2 with GID 502.
I edited /etc/passwd
manually so that user1 now has GID 600.
However, I forgot to create a new group with GID 600 (and I did not edit /etc/group
either).
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group
)- everything works as if such a group exists:
Examples:
1) After user1 creates a new file- test.txt
- User2 can't r/w that file.
2) When running ls -l
I can see that test.txt
belongs to GID 600.
What am I missing? Why does it work even though there's inconsistency between /etc/passwd
and /etc/group
?
Thanks.
linux redhat-enterprise-linux
linux redhat-enterprise-linux
asked Feb 25 at 8:49
Raz MosheRaz Moshe
31
31
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group)- everything works as if such a group exists
Not quite everything: a user can only belong to such a nameless group if it is their primary group, i.e. the group ID is specified on their line in /etc/passwd
. But that is just a consequence of how the non-primary group membership information is stored.
The kernel fundamentally handles the users and groups by UID and GID numbers; the names are essentially just a friendly user interface layer for us humans. POSIX-compliant filesystems also tend to store file ownerships by UID/GID numbers, not by user/group names.
Sometimes it is also necessary to work with incomplete user/group information. For example, a system that is relying on a central LDAP or NIS user database must not destroy file owner/group information merely because a network failure is causing the user information database to be unreachable.
Or when you are restoring a system after a total system disk failure, it would be inconvenient to have an absolute requirement to restore the user/group information first before anything else. (Granted, it might usually be one of the first things you restore, but it is not absolutely mandatory to do so.)
add a comment |
For a file to belong to a group (the group is a numerical value), this group doesn't need to exist locally.
THe best example to show this is a USB disk written on a system where GID 600 is locally defined and then moved to a system where it does not exist locally. The files will show up all right, with the numerical value 600 not being resolved to a group name.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1409170%2finconsistency-between-etc-passwd-and-etc-group%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group)- everything works as if such a group exists
Not quite everything: a user can only belong to such a nameless group if it is their primary group, i.e. the group ID is specified on their line in /etc/passwd
. But that is just a consequence of how the non-primary group membership information is stored.
The kernel fundamentally handles the users and groups by UID and GID numbers; the names are essentially just a friendly user interface layer for us humans. POSIX-compliant filesystems also tend to store file ownerships by UID/GID numbers, not by user/group names.
Sometimes it is also necessary to work with incomplete user/group information. For example, a system that is relying on a central LDAP or NIS user database must not destroy file owner/group information merely because a network failure is causing the user information database to be unreachable.
Or when you are restoring a system after a total system disk failure, it would be inconvenient to have an absolute requirement to restore the user/group information first before anything else. (Granted, it might usually be one of the first things you restore, but it is not absolutely mandatory to do so.)
add a comment |
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group)- everything works as if such a group exists
Not quite everything: a user can only belong to such a nameless group if it is their primary group, i.e. the group ID is specified on their line in /etc/passwd
. But that is just a consequence of how the non-primary group membership information is stored.
The kernel fundamentally handles the users and groups by UID and GID numbers; the names are essentially just a friendly user interface layer for us humans. POSIX-compliant filesystems also tend to store file ownerships by UID/GID numbers, not by user/group names.
Sometimes it is also necessary to work with incomplete user/group information. For example, a system that is relying on a central LDAP or NIS user database must not destroy file owner/group information merely because a network failure is causing the user information database to be unreachable.
Or when you are restoring a system after a total system disk failure, it would be inconvenient to have an absolute requirement to restore the user/group information first before anything else. (Granted, it might usually be one of the first things you restore, but it is not absolutely mandatory to do so.)
add a comment |
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group)- everything works as if such a group exists
Not quite everything: a user can only belong to such a nameless group if it is their primary group, i.e. the group ID is specified on their line in /etc/passwd
. But that is just a consequence of how the non-primary group membership information is stored.
The kernel fundamentally handles the users and groups by UID and GID numbers; the names are essentially just a friendly user interface layer for us humans. POSIX-compliant filesystems also tend to store file ownerships by UID/GID numbers, not by user/group names.
Sometimes it is also necessary to work with incomplete user/group information. For example, a system that is relying on a central LDAP or NIS user database must not destroy file owner/group information merely because a network failure is causing the user information database to be unreachable.
Or when you are restoring a system after a total system disk failure, it would be inconvenient to have an absolute requirement to restore the user/group information first before anything else. (Granted, it might usually be one of the first things you restore, but it is not absolutely mandatory to do so.)
What's surprising me is that even though I never created a group with GID 600 (and thus there's no such group in /etc/group)- everything works as if such a group exists
Not quite everything: a user can only belong to such a nameless group if it is their primary group, i.e. the group ID is specified on their line in /etc/passwd
. But that is just a consequence of how the non-primary group membership information is stored.
The kernel fundamentally handles the users and groups by UID and GID numbers; the names are essentially just a friendly user interface layer for us humans. POSIX-compliant filesystems also tend to store file ownerships by UID/GID numbers, not by user/group names.
Sometimes it is also necessary to work with incomplete user/group information. For example, a system that is relying on a central LDAP or NIS user database must not destroy file owner/group information merely because a network failure is causing the user information database to be unreachable.
Or when you are restoring a system after a total system disk failure, it would be inconvenient to have an absolute requirement to restore the user/group information first before anything else. (Granted, it might usually be one of the first things you restore, but it is not absolutely mandatory to do so.)
answered Feb 25 at 9:08
telcoMtelcoM
1,4291512
1,4291512
add a comment |
add a comment |
For a file to belong to a group (the group is a numerical value), this group doesn't need to exist locally.
THe best example to show this is a USB disk written on a system where GID 600 is locally defined and then moved to a system where it does not exist locally. The files will show up all right, with the numerical value 600 not being resolved to a group name.
add a comment |
For a file to belong to a group (the group is a numerical value), this group doesn't need to exist locally.
THe best example to show this is a USB disk written on a system where GID 600 is locally defined and then moved to a system where it does not exist locally. The files will show up all right, with the numerical value 600 not being resolved to a group name.
add a comment |
For a file to belong to a group (the group is a numerical value), this group doesn't need to exist locally.
THe best example to show this is a USB disk written on a system where GID 600 is locally defined and then moved to a system where it does not exist locally. The files will show up all right, with the numerical value 600 not being resolved to a group name.
For a file to belong to a group (the group is a numerical value), this group doesn't need to exist locally.
THe best example to show this is a USB disk written on a system where GID 600 is locally defined and then moved to a system where it does not exist locally. The files will show up all right, with the numerical value 600 not being resolved to a group name.
answered Feb 25 at 9:01
Eugen RieckEugen Rieck
11.3k22429
11.3k22429
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1409170%2finconsistency-between-etc-passwd-and-etc-group%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown