Operating System - HP-UX

Re: Changing roots default GID to none default GID

 
Allen DuBeau
Advisor

Changing roots default GID to none default GID

I know this is not a very wise thing to be doing, but I have searched ITRC and was unable to locate anything that would advocate against changing root's default GID or explain how to do it if it's really not an issue to make the change...

Any help will be greatly appreciated.
"I'm not a guru,don't pretend to be,don't wanna be"
Steven E. Protter
Exalted Contributor

Re: Changing roots default GID to none default GID

Here is something on the topic.

Don't do it.

If you change root's GID you may have all kinds of unintended impacts on operation. You may have trouble installing software. Lots of things may go wrong.

Why do you want to do this? I bet myself or others can provide you a better solution.

I never, never, never, ever mess with the root user's shell or other settings.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Simon Hargrave
Honored Contributor

Re: Changing roots default GID to none default GID

You will cause big problems.

Okay, you "could" change the GID in /etc/passwd and chgrp any files on your system.

HOWEVER, UID 0 and GID 0 have special meaning within the kernel itself, the passwd entry is only a symbolic representation that 0 is root.

I can't predict what would happen, because I never have and never will do it. Neither should you.
Rick Garland
Honored Contributor

Re: Changing roots default GID to none default GID

Leave root in the root group, GID=0, at the very minimum.

No other user accounts have GID=0 (same as no other user accounts have UID=0).
Bill Hassell
Honored Contributor

Re: Changing roots default GID to none default GID

Since root has all privileges, changing root's default group has no effect in accessing files and directories. It does have an effect when creating files and directories (it sets the initial group ownership). I would not change it *BUT* I would remove all the extra root entries in the /etc/group file. When you run the id command as root, you see that root is a member of several groups. Normally, this is redundant and has no effect, but specific software can fail if root is a member of more than 8 groups. The extra groups give no additional privilege to root and are simply confusing.


Bill Hassell, sysadmin
C. Beerse_1
Regular Advisor

Re: Changing roots default GID to none default GID

The other replies are telling you not to change the default gid for root. That is true.

If you need an account with uid 0 and another gid, you are free to create such an account and call it 'carrot' or such. Then use that. There will be some strange effects where there is 'reverse lookup' of the uid: it all shows as "root" but the running processes use the defined 'gid'. Best to only use the account for the purpose; there might be strange side-effects.

If you just need to run some application with another gid, set the S-bit on the group. I'm sorry I don't recall any command to change the group on the fly.
make everything as simple as possible, not simpler (A.Einstein??)
vinod_25
Valued Contributor

Re: Changing roots default GID to none default GID

Hi

Changing root's group id is not recommended as it can create undesirable results...

But on a test server I have changed root's gid and edited the /etc/group file and added an additional entry as the same root account with a different gid... the files newly created have the same gid label but the files had the group gid number of the very first entry in /etc/group file, and the existing files remained in old gid group.
# cat /etc/group
root::1000:root
root::0:root
other::1:root,hpdb
bin::2:root,bin

I have tried it only on a test server... don't know what effect it will take on applications and database...

Regards
Bill Hassell
Honored Contributor

Re: Changing roots default GID to none default GID

From a security point of view, duplicate UID values for different users is not recommended, especially for root. Use the logins -d command to locate these problem accounts.


Bill Hassell, sysadmin
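
An added example, not part of any post in this thread: a POSIX sh/awk audit of passwd- and group-format files for the conditions the replies warn about (shared UIDs, non-root accounts with primary GID 0, how many group entries list root, and group names defined twice). The sample files are constructed; `carrot` and the duplicate `root` group lines echo the posts above, `oper` is hypothetical, and the function names are this example's own.

```shell
#!/bin/sh
# UIDs shared by more than one account (the condition `logins -d` reports).
dup_uids() {
    awk -F: '{ n[$3]++; u[$3] = (u[$3] == "" ? $1 : u[$3] "," $1) }
             END { for (id in n) if (n[id] > 1) print id ":" u[id] }' "$1" | sort
}

# Accounts other than root whose primary GID is 0.
gid0_accounts() {
    awk -F: '$4 == 0 && $1 != "root" { print $1 }' "$1"
}

# Number of group-file entries that list user $1 as a member ($2 = group file).
group_count() {
    awk -F: -v u="$1" '{ n = split($4, m, ",")
                         for (i = 1; i <= n; i++) if (m[i] == u) { c++; break } }
                       END { print c + 0 }' "$2"
}

# Group names that appear on more than one line of the group file.
dup_group_names() {
    awk -F: '{ n[$1]++ } END { for (g in n) if (n[g] > 1) print g }' "$1" | sort
}

# Constructed sample data; on a real host pass /etc/passwd and /etc/group instead.
SAMPLE=${TMPDIR:-/tmp}/gidaudit.$$
mkdir -p "$SAMPLE"
cat > "$SAMPLE/passwd" <<'EOF'
root:*:0:0:root:/:/sbin/sh
carrot:*:0:20:alt root:/home/carrot:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
hpdb:*:27:1:ALLBASE:/:/sbin/sh
oper:*:105:0:operator:/home/oper:/usr/bin/sh
EOF
cat > "$SAMPLE/group" <<'EOF'
root::1000:root
root::0:root
other::1:root,hpdb
bin::2:root,bin
EOF

echo "shared UIDs:          $(dup_uids "$SAMPLE/passwd")"
echo "non-root GID 0 users: $(gid0_accounts "$SAMPLE/passwd")"
echo "duplicate group names: $(dup_group_names "$SAMPLE/group")"
n=$(group_count root "$SAMPLE/group")
echo "group entries listing root: $n"
[ "$n" -gt 8 ] && echo "WARNING: root is listed in more than 8 groups"
true
```
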