Operating System - HP-UX

Duplicate user account references and gid of -24 for user nobody

Gary Cooper_1
Esteemed Contributor

I'm trying to rationalise some of the user accounts on my network and have got a couple of queries...

I have an account that is defined in /etc/passwd on about half a dozen machines. What I want to do is to put the account under NIS. My question is... could I run into problems if I create the NIS account before I remove the /etc/passwd entries? I.e. at a given point in time, it will be defined in both /etc/passwd and in NIS.

As a follow on from that (still part of the first question). What would happen if /etc/passwd and NIS conflict (bearing in mind passwd is not configured in any of the nsswitch.conf's).

My second question is... on all of my systems except one, account 'nobody' has gid -2. On one single machine, it has a gid of -24. Any ideas why this should be different? Would there be any issues if I just changed it in /etc/passwd to -2?

Thanks,

Gary
7 REPLIES
Simon Hargrave
Honored Contributor

Re: Duplicate user account references and gid of -24 for user nobody

What do you mean when you say "passwd is not configured in any of the nsswitch.conf's"? Surely there is an entry for passwd to specify the search order?

In terms of conflicts, if your nsswitch entry for passwd is files then nis, the nis credentials will be ignored until the local account is deleted.

As for nobody, usually there isn't an entry in /etc/passwd for nobody on hpux. -2 is an implicit UID (referenced in /usr/include/pwd.h). Whilst you can have an entry in passwd to refer to it by name it isn't a requirement of ftpd.

I would be tempted to investigate why you have these entries on all your servers though, and whether any other processes (perhaps Apache?) actually run as nobody that you may affect by changing this.
Gary Cooper_1
Esteemed Contributor

Re: Duplicate user account references and gid of -24 for user nobody

Hi Simon,

When I say "passwd is not configured in any of the nsswitch.conf's" I mean that there is NO entry for passwd to specify the search order, hence my question.

On the subject of the 'nobody' account, these /etc/passwd entries are created as part of the regular installation process for HP-UX 11.11. I haven't created them, none of the third party software that I have installed has created them and they appear as soon as the Instant Ignition process has completed.

Thanks,

Gary
Simon Hargrave
Honored Contributor

Re: Duplicate user account references and gid of -24 for user nobody

Any reason there is no passwd entry in your nsswitch? Because there should be!

I'm not sure what the passwd libraries will use as "default", presumably something compiled in, which may or may not be "files nis", however if you don't explicitly specify it how do you know? I can see no reason to not have an entry for passwd.

In terms of nobody being in your passwd file, it's not on any of our servers. However I guess it's possible that one of your applications you install with ignite adds this (perhaps samba? apache?)
Stephen Keane
Honored Contributor

Re: Duplicate user account references and gid of -24 for user nobody

We've got the user nobody in our passwd files, group-id -2. But we do have Ignite and Samba installed, so perhaps Samba creates the user?
Pete Randall
Outstanding Contributor
Solution

Re: Duplicate user account references and gid of -24 for user nobody

The nobody account is part of a plain, vanilla HP-UX install - nothing to do with Samba or anything else (unless that's how it got switched from -2 to -24!). On my systems, nobody is uid -2 and gid 60001 - I assume that's the norm and I would definitely, in your case, try switching the -24 back to -2.

As far as the coexistence of accounts in NIS and FILES, your nsswitch.conf should handle the precedence - if it finds the account in whichever is specified (or defaulted to) first, then it won't look in the other.


Pete

Gary Cooper_1
Esteemed Contributor

Re: Duplicate user account references and gid of -24 for user nobody

Hi Guys,

Thanks for the responses. Pete partially answered my question when he said "if it finds the account in whichever is specified (or defaulted to) first, then it won't look in the other", however the key point was that none of my nsswitch.conf's have a passwd entry, so what happens?

I actually found the answer in the 'man' page -

The compiled-in default entries for all databases use NIS (YP) as the enterprise level name-service and are identical to those in the default configuration of this file:

passwd: files nis
group: files nis
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
services: files nis
sendmailvars: files

Thanks again,

Gary
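
Added example, not part of any post in this thread: a POSIX sh check of the lookup behaviour described in Pete's answer and in the man page excerpt above. It reads the passwd source order from an nsswitch.conf, falls back to the compiled-in `files nis` when there is no passwd line, and reports which entry answers a lookup for an account defined both locally and in NIS. The function names, account names and file contents are constructed; on a live system the NIS map would be a saved copy of `ypcat passwd` output.

```shell
#!/bin/sh
# Added example. Function names and all sample data below are constructed.

# Print the passwd source order from an nsswitch.conf-style file ($1). With no
# passwd line, use the compiled-in default quoted in the thread: "files nis".
# Action criteria such as [NOTFOUND=return] are skipped, not evaluated.
passwd_order() {
    awk '{ sub(/#.*/, "") }
         $1 == "passwd:" {
             for (i = 2; i <= NF; i++) if (index($i, "=") == 0) o = o (o == "" ? "" : " ") $i
         }
         END { print (o == "" ? "files nis" : o) }' "$1"
}

# Print "uid:gid" of account $1 in passwd-format file $2 (empty if absent).
ids_of() { awk -F: -v n="$1" '$1 == n { print $3 ":" $4; exit }' "$2"; }

# Which source answers a lookup for account $1, given source order $2, the
# local passwd file $3 and a saved NIS passwd map $4?
audit_account() {
    l=$(ids_of "$1" "$3"); n=$(ids_of "$1" "$4"); winner=none; status=ok
    for src in $2; do
        if [ "$src" = files ] && [ -n "$l" ]; then winner="files($l)"; break; fi
        if [ "$src" = nis ] && [ -n "$n" ]; then winner="nis($n)"; break; fi
    done
    if [ -n "$l" ] && [ -n "$n" ]; then
        if [ "$l" = "$n" ]; then status=duplicate; else status=conflict; fi
    fi
    echo "$1 winner=$winner status=$status"
}

# Constructed sample files (mktemp -d as found on Linux; adjust elsewhere).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'hosts: nis [NOTFOUND=return] files' > "$tmp/nsswitch.conf"  # no passwd line
printf '%s\n' 'appsvc:*:2001:20::/home/appsvc:/usr/bin/sh' \
              'report:*:2002:20::/home/report:/usr/bin/sh' > "$tmp/passwd"
printf '%s\n' 'appsvc:*:3001:20::/home/appsvc:/usr/bin/sh' \
              'report:*:2002:20::/home/report:/usr/bin/sh' \
              'newuser:*:3005:20::/home/newuser:/usr/bin/sh' > "$tmp/nis_passwd"

order=$(passwd_order "$tmp/nsswitch.conf")
echo "effective passwd order: $order"
for acct in appsvc report newuser; do
    audit_account "$acct" "$order" "$tmp/passwd" "$tmp/nis_passwd"
done
```

An account reported as `conflict` resolves to different uid/gid values depending on the source order, so file ownership on that host changes meaning once the local entry is removed.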
Gary Cooper_1
Esteemed Contributor

Re: Duplicate user account references and gid of -24 for user nobody

Thanks Guys.