HPE Community
Operating System - HP-UX
1821645 Members
2856 Online
109633 Solutions
New Discussion юеВ

groups command doesn't show NIS group membership

 
Douglas McCracken_1
Advisor

тАО06-25-2002 08:40 AM

тАО06-25-2002 08:40 AM

groups command doesn't show NIS group membership

I am running HP-UX 11.0 on an L-class NIS client. When I run the 'groups' command, it only shows any local group membership (if any); the NIS user's default group doesn't show up, and any NIS group memberships do not show up. The NIS user accounts work fine in every other way that I can think of; the 'id' command shows all groups, including NIS; and the users have the permissions granted to the NIS groups to which they belong. I actually wouldn't care myself, but the people using this server are running programs that require correct output from the 'groups' command:-(. Any ideas?

Thanks,
Doug
0 Kudos
Reply
10 REPLIES 10
Pete Randall
Outstanding Contributor

тАО06-25-2002 09:03 AM

тАО06-25-2002 09:03 AM

Re: groups command doesn't show NIS group membership

Doug,

What does your /etc/nsswitch.conf file contain - in particular for groups?

Pete

Pete
0 Kudos
Reply
S.K. Chan
Honored Contributor

тАО06-25-2002 09:05 AM

тАО06-25-2002 09:05 AM

Re: groups command doesn't show NIS group membership

2 things I can think of ..
1) Your /etc/group.. does it has the entry "+:" at the end of it ?
2) In /etc, the file "logingroup" should be a symbolic link to "group" because in NIS environment if you want the group membership to be managed by NIS this symbolic link must exist. If not do this ..
# cd /etc
# ln -s /etc/group logingroup
0 Kudos
Reply
John Downs_1
Frequent Advisor

тАО06-25-2002 09:10 AM

тАО06-25-2002 09:10 AM

Re: groups command doesn't show NIS group membership




The groups command displays the groups that
you are a member of. Those can be NIS or locally defined groups. Check that that you have a plus sign at the end of /etc/group and that the group entry in /etc/nsswitch.conf has nis files or files nis order defined.

-john
I'd rather be fly fishing for trout!
0 Kudos
Reply
Douglas McCracken_1
Advisor

тАО06-25-2002 09:18 AM

тАО06-25-2002 09:18 AM

Re: groups command doesn't show NIS group membership

Thanks for your quick responses!:-) I do have the standard stuff set up, including group: files nis in nsswitch.conf, /etc/logingroup link, and + in the /etc/group file. The groups command shows local group memberships but not NIS group memberships. Any other ideas?

Thanks,
Doug
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО06-25-2002 09:59 AM

тАО06-25-2002 09:59 AM

Re: groups command doesn't show NIS group membership

I have two thoughts. Are these CDE logins?
Apparently the CDE login does not execute the setgroup() system call but you should at least see the primary group in that case. I would kill the pwgrd and see if the behavior changes.
My groups command does work with NIS on 11.11.
If it ain't broke, I can fix that.
0 Kudos
Reply
Douglas McCracken_1
Advisor

тАО06-25-2002 10:32 AM

тАО06-25-2002 10:32 AM

Re: groups command doesn't show NIS group membership

The logins are simple telnet, not CDE. I did try killing pwgrd, which did not correct the problem.

Thanks,
Doug
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО06-25-2002 10:55 AM

тАО06-25-2002 10:55 AM

Re: groups command doesn't show NIS group membership

Okay, does 'ypcat group' work on this client. I have a funny feeling that you have a corrupt group map. I would go to the NIS master server; cd to /var/yp; and do a make (no harm if not needed). If you see errors then something needs fixing. If you have many uses that are members of the same group, it's possible that they will not fit in a map.

If it ain't broke, I can fix that.
0 Kudos
Reply
S.K. Chan
Honored Contributor

тАО06-25-2002 11:02 AM

тАО06-25-2002 11:02 AM

Re: groups command doesn't show NIS group membership

As Clay has mentioned, having hit the limit in the group file could be the cause of our problem. From "man group"

The length of each line in /etc/group is limited to LINE_MAX, as defined in . Because of this limit, users should not be listed in their primary group - only in any secondary groups. If necessary, primary group inventory can be calculated via the /etc/passwd file.
0 Kudos
Reply
Douglas McCracken_1
Advisor

тАО06-25-2002 11:05 AM

тАО06-25-2002 11:05 AM

Re: groups command doesn't show NIS group membership

I may not have made one point clear -- the NIS group map works fine in terms of ypcat -k group and in terms of allowing permissions according to the assigned groups. So, when I run ypcat, I do see the user IDs as part of the groups needed. Also, the affected user IDs are able to see and modify files & directories as appropriate to the group ownership (as shown by ypcat). Also, there are many Sun servers which are clients for these same NIS mappings that work exactly correctly, including the results from the 'groups' command. But, on the HP servers, the groups command shows only locally-defined groups (no NIS). That last point is interesting -- the maps involved have fairly large numbers of members, as much as around 50. Is it possible the 'groups' command has some limit?

Thanks,
Doug
0 Kudos
Reply
Douglas McCracken_1
Advisor

тАО06-25-2002 11:16 AM

тАО06-25-2002 11:16 AM

Re: groups command doesn't show NIS group membership

If the LINE_MAX to use to determine this limit is the one in /usr/include/limits.h, then it doesn't look like this is the problem, since LINE_MAX is 2048, and the longest NIS group involved is 794 characters. Have I interpreted this correctly?

Thanks,
Doug
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.