Tag Archives: GID

Linux

Can't chgrp. Error – chgrp: changing group of `<file>': Invalid argument

Leave a comment

By venmx

I found that I cannot chgrp for some reason with error:

chgrp: changing group of `’: Invalid argument

This happens on all NFS mounted disks on client machines.

We use AD (not my call) for authentication and it also provides groups.

We have a NFS server running Scientific Linux 6.3 which mounts SAN devices on FC connect. These are then exported via NFS. Clients are all CentOS 6.4.

The clients hard mounts the user’s home disk with intr,sync and various tuning options. The other disks use autofs.

AD is configured so that each user has a matching UID and GID, essentially making them the exclusive member of their own group. Not useful for sharing files unless you don’t mind making all your files accessibly by world, o+.

We need groups so that we can add members who are then able to chgrp what ever files they’d like to share with members of the same group. All seems pretty straight forward so far.

I used to run OpenLDAP with Kerberos to do all this, I had LDAP manage autofs and groups. Everything worked perfectly.

But now I cannot chgrp.

The permissions of the exported directories on the NFS server are:
drwx–x–x root root /san/home
drwxrwxrwx root root /san/otherdisks

But under home each user directory is owned by the user:
drwx–x–x user1 user1 /san/home/user1

NOTE: “other” means machines within same organization using same AD but built by other departments, “this” means the machines I built.

In the following scenarios it fails:

1. As AD user on “this” client machine on own home on “this” NFS server.
2. As AD user on “this” client machine on automounted disk on “this” NFS server.
3. As root on “this” client machine on automounted disk on “this” NFS server.

In the following scenarios it works:

1. As AD user on “this” client on local partitions where permissions allow.
2. As AD user logged in directly on “this” NFS server on any partition where permissions allow, including on SAN disks.
3. As root on “this” file server on any partition.
4. As AD user on “other” clients on export from “this” NFS server.
5. As AD user on “other” clients on export from “other” NFS server.
6. As AD user on “this” client on export from “other” NFS server.

This issue shows itself when I extract TAR files whilst on client machines to NFS exported shares as AD user or root, can’t chgrp!

I can do everything else, I can create, delete, even do newgrp and change my default group then create new files belonging to me with GID of new group. But still can’t chgrp

From: http://www.unix.com/red-hat/221091-cant-chgrp-error-chgrp-changing-group-file-invalid-argument.html

Linux

RBAC and LDAP users (AD)

Leave a comment

By Janpol

Hello everyone, I am having trouble with something, and I can’t find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.

So far so good, but now, we want to implement RBAC on AIX so we can grant privileged access to certain users (like DBAs or Sysadmins) without using su or having everyone using the root account. The problem that I have, is that when I want to assing a role to a user on a server the chuser command fails, since it cannot find the user (it’s on AD, and not defined locally). I use the following command to assign the role:

Code:
chuser roles=test_role test_user

Is there a way for me to tell the chuser command to get the user information from AD? Or can I define manually the roles for each user? (maybe in the /etc/security/user.roles file?).

If that doesn’t work I’m going to try defining groups in AD with the same GID as local groups, and handling everything via the sudoers file, but I would like to hear from your experiences.

Best Regards,

Juan

…read more
Source: FULL ARTICLE at The UNIX and Linux Forums

News, Politics, Government

Oklahoma providing 2 inmates with cross-gender hormones

Leave a comment

The state Corrections Department provides cross-gender hormones to two of the nearly 25,000 inmates serving time in Oklahoma prisons.

Department spokesman Jerry Massie said the state prison system will provide such hormones “when it’s medically appropriate,” but that such cases are rare.

The department is being sued by a male inmate who wants hormones, laser hair removal, counseling and eventually a sex-change operation as treatment for gender identity disorder, with which the inmate claims to be afflicted.

Ronny Darnell, a convicted rapist serving a lengthy sentence at James Crabtree Correctional Center, filed the lawsuit against the state Corrections Department in 2012, claiming he is being punished in a cruel and unusual fashion because the state agency won’t treat his condition.

Gender identity disorder is characterized by an overwhelming sense by those afflicted that they would be happier if they were the opposite sex. Darnell is not being treated by prison doctors for the disorder, which is commonly referred to as GID.

“There’s only one official GID offender,” Massie told The Oklahoman (http://is.gd/ulS12o). “On this particular person … they had had some procedures done prior to incarceration, so it’s medically appropriate to prescribe the hormones.”

Massie said the other inmate is receiving cross-gender hormones “for a medical issue not related to GID.”

The hormones, which Massie did not name, range in price. The monthly prescription for one of the inmates is $158.73. The other’s is only $3.73 per month.

What Darnell is wanting would likely cost more than what the department is paying now.

In a court filing, the 44-year-old inmate claims that he is deeply depressed and has tried to castrate himself multiple times while behind bars.

“They are denying me any kind of medical treatment at all for my serious medical need,” Darnell wrote in the suit. “I am a female not a male. I was just born in the wrong body.”

The inmate wrote that being denied hormone treatment “has changed me in ways I do not like.”

“It has deepened my voice to sound like a man,” Darnell wrote. “It puts me into a great depression and gives me anxiety attacks on a daily basis.”

Darnell’s lawsuit is pending in federal court. He has no lawyer but recently asked a judge to appoint one to his case, records show.

Whether Darnell was receiving treatment before entering prison may not matter — if the court looks to rulings in similar cases.

In July 2007, a federal judge in Idaho ordered the state to provide hormone therapy to a male inmate who described himself as a woman trapped in a man’s body.

Nearly three years later, a federal judge in Wisconsin struck down a state law that prohibited the use of taxpayer money to pay for inmates’ hormone therapy. The decision was upheld by a federal appeals court judge.

More recently, a federal judge in Massachusetts ordered the state’s prison system to pay for a gender reassignment operation for convicted murderer Michelle Kosilek, a decision the state has appealed.

It is thought to be the first time a judge has ordered the surgery as a remedy to …read more
Source: FULL ARTICLE at Fox US News

Linux

Dealing with white spaces in bash scripts

Leave a comment

By venmx

I’m trying to search for all files in directory with particular GID then change the GID to match the UID of each file:

Code:
#!/bin/sh

for i in $(find /dump -gid 200 | sed 's/ /\ /g' | sed 's/&/\&/g'); do
chgrp $(ls -ln ${i} | awk '{print $3}') ${i}
done

I’m using sed to deal with spaces and special characters.

I get a clean output from the find command when run on its own; I also get the desired result when I run chgrp and substitute a line from output of find into each instance of variable ${i}.

But when I run the script, I get many errors and not all the files/directories have been chgrp as desired.

Here’s an excerpt of the errors I’m seeing:

Code:
chgrp: missing operand after `/dump/aaa36/.evolution/memos/config'
Try `chgrp --help' for more information.
chgrp: missing operand after `/dump/aaa36/.evolution/calendar/config'
Try `chgrp --help' for more information.
chgrp: missing operand after `/dump/aaa36/.evolution/tasks/config'
Try `chgrp --help' for more information.
chgrp: missing operand after `/dump/aaa36/.evolution/cache'
Try `chgrp --help' for more information.
ls: cannot access /dump/aaa36/untitled: No such file or directory
chgrp: missing operand after `/dump/aaa36/untitled\'
Try `chgrp --help' for more information.
ls: cannot access folder: No such file or directory
chgrp: missing operand after `folder'
Try `chgrp --help' for more information.
ls: cannot access /dump/aaa36/untitled: No such file or directory
chgrp: missing operand after `/dump/aaa36/untitled\'
Try `chgrp --help' for more information.
ls: cannot access folder/neutron_EDM.pdf: No such file or directory
chgrp: missing operand after `folder/neutron_EDM.pdf'
Try `chgrp --help' for more information.

Please tell me what I’m doing wrong?! Thanks 🙂

…read more
Source: FULL ARTICLE at The UNIX and Linux Forums

Linux

Grep – Searching for multiple items using one command

Leave a comment

By @MeDaveT

I am performing a regular check on UNIX servers which involves logging onto UNIX servers and using the grep command to check if a GID exists in the /etc/group directory

e.g. grep 12345 /etc/group

I have five to check on each server, is there anyway I can incorporate them into one command and get an output if the group exists.

e.g. The GIDs are 12345 54321 56789 98765 12986

…read more
Source: FULL ARTICLE at The UNIX and Linux Forums

Linux

Bash for multiple accounts with auto-gen passwords

Leave a comment

By Shelldorado

Hello,

I am studying few things on unux and scripting. I need a script to create bulk users in unux. I need some assistance from you for creating 100 or more User IDs using a bash script:

Here’s my requirements:

1. I need to create 100 or even more user ids of different naming
conventions. So, I would like to have a separate file(Example:
usernames.txt) where I can paste the user ids, Name for Each ID, Group Name
or GID, Serial Number) and call that file in the script

2. The script should contain the block of code that will auto-generate
random 8-character long alphanumeric and mixed-case passwords without
special characters or symbols(Something like

< /dev/urandom tr -dc
A-Za-z0-9_ | head -c8 )

for each ID and these system-generated passwords should be saved in a different file after the script is run. (Example:
passwords.txt)

I googled but couldn’t find a solid script for my above requirements.

Source: FULL ARTICLE at The UNIX and Linux Forums