1753768
Members
5768
Online
108799
Solutions
SOLVED
Not a perfect solution, but might work... The clue I think is in the man page for usermod:
-G group Specifies the integer group ID or character
string name of an existing group. This
redefines the supplemental group memberships
of the new login. Duplicates within group
with the -g and -G options are ignored.
Specifically "Duplicates within group with the -g and -G options are ignored."
So you can take advantage of that by specifying just the primary group for the user on the usermod command... for example, I have a user "duncan" primary group "users":
# grep duncan /etc/group
# grep duncan /etc/passwd
duncan:*:105:20::/home/duncan:/sbin/sh
# grep :20: /etc/group
users::20:root
Now I add this user to a couple of secondary groups:
# usermod -G dba,dba2 duncan
# grep duncan /etc/group
dba::200:oracle,duncan
dba2::102:duncan
Now I want to take the user out of those seondary groups:
# usermod -G users duncan
# grep duncan /etc/group
users::20:root,duncan
So user duncan now shows as having a secondary group membership of group "users" although that is actually its primary group - I'm not sure this matters apart from making the group file harder to read...
HTH
Duncan
I am an HPE Employee
-G group Specifies the integer group ID or character
string name of an existing group. This
redefines the supplemental group memberships
of the new login. Duplicates within group
with the -g and -G options are ignored.
Specifically "Duplicates within group with the -g and -G options are ignored."
So you can take advantage of that by specifying just the primary group for the user on the usermod command... for example, I have a user "duncan" primary group "users":
# grep duncan /etc/group
# grep duncan /etc/passwd
duncan:*:105:20::/home/duncan:/sbin/sh
# grep :20: /etc/group
users::20:root
Now I add this user to a couple of secondary groups:
# usermod -G dba,dba2 duncan
# grep duncan /etc/group
dba::200:oracle,duncan
dba2::102:duncan
Now I want to take the user out of those seondary groups:
# usermod -G users duncan
# grep duncan /etc/group
users::20:root,duncan
So user duncan now shows as having a secondary group membership of group "users" although that is actually its primary group - I'm not sure this matters apart from making the group file harder to read...
HTH
Duncan
I am an HPE Employee
Also, on 11.31 there are some extensions to the groupmod command which will allow you to accomplish this... using the same example as above, if user duncan is a secondary member of groups dba and dba2 then:
groupmod -d -l duncan dba
groupmod -d -l duncan dba2
would accomplish what you require
This isn't available on 11.11, and I don't have a 11.23 system to look at to see if this option exists, but I suspect not, as it doesn't appear on the 11.23 man pages on hp.com...
HTH
Duncan
I am an HPE Employee
groupmod -d -l duncan dba
groupmod -d -l duncan dba2
would accomplish what you require
This isn't available on 11.11, and I don't have a 11.23 system to look at to see if this option exists, but I suspect not, as it doesn't appear on the 11.23 man pages on hp.com...
HTH
Duncan
I am an HPE Employee
Matt,
OK re the line limitation, I'm sure you've seen the note in the usermod man page about this:
While modifying the user login, the username is not added to the
primary group entry in the /etc/group file. If a supplemental group
is specified, the user is added to the supplemental group. If the
size of a group entry in /etc/group file exceeds LINE_MAX limit, a new
entry of the same group is created and a warning message is issued.
See limits(5) for the value of LINE_MAX.
Makes for messy /etc/group files, but it at least works...
HTH
Duncan
I am an HPE Employee
OK re the line limitation, I'm sure you've seen the note in the usermod man page about this:
While modifying the user login, the username is not added to the
primary group entry in the /etc/group file. If a supplemental group
is specified, the user is added to the supplemental group. If the
size of a group entry in /etc/group file exceeds LINE_MAX limit, a new
entry of the same group is created and a warning message is issued.
See limits(5) for the value of LINE_MAX.
Makes for messy /etc/group files, but it at least works...
HTH
Duncan
I am an HPE Employee
