HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

/etc/logingroup on 11.23

 
SOLVED
Go to solution
sujit kumar singh
Honored Contributor

/etc/logingroup on 11.23

i have servers running 11.23 HP-UX. can we implement /etc/logingroup to that?
Why is that /etc/logingroup required?


What can be the entries in the /etc/logingroup, why is that required.

is just linking /etc/group to /etc/logingroup sufficient?

Regards
sujit
8 REPLIES

Re: /etc/logingroup on 11.23

>is just linking /etc/group to /etc/logingroup sufficient?

This hasn't been required for several OS releases. What does id(1) show for you?
sujit kumar singh
Honored Contributor

Re: /etc/logingroup on 11.23

Hi

as i logon as root

root # id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)

id root
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)

$ id
uid=155(sujisin) gid=7000(unix_adm)
$ id sujisin
uid=155(sujisin) gid=7000(unix_adm)
$


these are the O/Ps, i had been working on a Security Audit performed telling that:

For the HPUX operating sytem the etc/login group file which helps regulate user access does not exist. A lack of group settings can lead to inappropriate access to sensitve financial data.


Thats why i had been worried, how to really address this situation.

Please do guide.

regards
sujit

Re: /etc/logingroup on 11.23

>these are the outputs

Are they with and without logingroup?

>Thats why I had been worried, how to really address this situation.

I suppose you can just symlink the files. I can't see any difference without it, contrary to logingroup(4), perhaps because I have NIS?
sujit kumar singh
Honored Contributor

Re: /etc/logingroup on 11.23

Hi


I do not have alogingroup file on my system currently and the above id and id O/ps are so without any /etc/logingroup file on the system.


As per the man page here:


http://www.informatik.uni-frankfurt.de/doc/man/hpux/logingroup.4.html

There are two files of this form in the system, /etc/group and
/etc/logingroup. The file /etc/group exists to supply names for each
group, and to support changing groups by means of the newgrp utility
(see newgrp(1)). /etc/logingroup provides a default group access list
for each user via login and initgroups() (see login(1) and
initgroups(3C)).

The real and effective group ID set up by login for each user is
defined in /etc/passwd (see passwd(4)). If /etc/logingroup is empty
or non-existent, the default group access list is empty. If
/etc/logingroup and /etc/group are links to the same file, the default
access list includes the entire set of groups associated with the
user. The group name and password fields in /etc/logingroup are never
used; they are included only to give the two files a uniform format,
allowing them to be linked together.

that is symlink to /etc/group as /etc/logingroup is going to give users default group access to entire set of group

so i am not able to understand or decide whether to symlink them or to have an empty /etc/logingroup fie.

regards
sujit

Re: /etc/logingroup on 11.23

>I do not have alogingroup file on my system currently and the above id and id outputs are so without any /etc/logingroup file on the system.

It appears that contrary to the documentation, logingroup is near useless, unless you have fewer groups than in /etc/group.

Fiddling with my logingroup, it seems to OR the groups in group and logingroup, if different.
sujit kumar singh
Honored Contributor

Re: /etc/logingroup on 11.23

Hi

anyway i am creating a symlink with the /etc/group tp /etc/logingroup

just need to know the file ownership of the two are correct or not.
ll /etc/group
-r--r--r-- 1 bin bin 630 Dec 12 10:22 /etc/group
l /etc/logingroup
lrwxr-xr-x 1 root sys 10 Dec 16 08:09 /etc/logingroup -> /etc/group



regards
sujit
Solution

Re: /etc/logingroup on 11.23

>just need to know the file ownership of the two are correct or not.

They are fine. The ownership of a symlink is ignored.
sujit kumar singh
Honored Contributor

Re: /etc/logingroup on 11.23

Hi

Thanks for the replies.

Thanks
Sujit