
Re: logingroup

 
Jayesh shah
Frequent Advisor

logingroup

Hi,

Does anyone know what the file /etc/logingroup is used for?

Is it required? Does it provide some additional (security) features over /etc/group?

I read the manpage, but could not understand the importance of having this file. Any examples where it can be useful?

Regards,
Jayesh
7 REPLIES 7
S.K. Chan
Honored Contributor

Re: logingroup

Let's take an example .. user "skchan" belongs to 2 different groups, "lab" and "admin". So in /etc/group you would see "skchan" appearing in the "lab" and "admin" lists. Now skchan logs into a machine that does not have an /etc/logingroup file. The only way he can inherit the group rights of "admin" (assuming his primary group is "lab") is for him to switch to group "admin" by running ...
$ newgrp admin
On the other hand, if /etc/logingroup exists and has the entries, when skchan logs into the machine there is no need for him to run "newgrp" every time he wants to switch group; in other words, it's transparent.
Usually a symbolic link is created in /etc..
# cd /etc
# ln -s /etc/group logingroup
to enable the "transparent" multiple group ownership behavior. I do not know of any security implication, it's more towards the convenience of not having to run "newgrp" every time the user wants to switch group.
Check out this document also for better understanding..

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90696/B2355-90696_top.html&con=/hpux/onlinedocs/B2355-90696/00/00/44-con.html&toc=/hpux/onlinedocs/B2355-90696/00/00/44-toc.html&searchterms=logingroup&queryid=20020629-111440

Hope it helps ..
PIYUSH D. PATEL
Honored Contributor

Re: logingroup

Hi,

The /etc/logingroup is used for HP-UX versions prior to 11.0. It is used to make the secondary groups of the user active when he logs into the system. Any user will always have a primary group, which will be his gid (group) in the /etc/passwd file. The user may be present in other groups also, and those other groups are secondary groups. They are specified in the /etc/group file.

In HP-UX 10.20, when a user logs in, only his primary group is active. When he enters 'groups' at the command line, he sees only one group listed although he is a member of many groups. When he enters 'groups username', he sees the names of all the groups to which he belongs.

Hope I have clarified your doubt

Piyush

/etc/logingroup consists of the secondary groups which the user belongs to.

The users cannot perform tasks which rely on permissions associated with their secondary groups if only /etc/group is present.

Hence we link /etc/logingroup to /etc/group

ln -s /etc/group /etc/logingroup

Piyush
Wodisch
Honored Contributor

Re: logingroup

Hello Jayesh,

In the past (System V past, not Berkeley) a process was only a member of one group at a time, and to change you had to use the command "newgrp" (which started a new shell, which then was owned by the same user, but the new group).
The group you were a member of was the "primary" group, i.e. the one listed as the fourth parameter in "/etc/passwd".
Now on HP-UX there is a tradition to make your login session a member of all the groups you are listed in "/etc/logingroup". And for the sake of laziness, most just sym-linked "/etc/group" to "/etc/logingroup"...

HTH,
Wodisch
PIYUSH D. PATEL
Honored Contributor
Solution

Re: logingroup


Hi,
Suppose I create a new user pdp with its primary group as Staff, and add it to another group, Admin.
But when I log in as pdp and try to open a file which has the group permission of Admin, the system rejects me, saying 'permission denied'. But I can access the files that have Staff group permission.
When I use the following commands, it shows:

$ groups
Staff

$ groups pdp
Admin Staff

The above is the scenario when /etc/logingroup is not present.

When a user logs into a system, /etc/passwd, /etc/group, and /etc/logingroup are referenced. /etc/passwd indicates the primary group for the user. /etc/group indicates the additional groups that a user has permission to access at some point in his login session. /etc/logingroup indicates ALL the groups that the user has access permissions to immediately after he logs into the machine. Without /etc/logingroup, the user will be required to use the newgrp command in order to access files that are not part of his primary group. A link from /etc/logingroup to /etc/group simply makes everything accessible at login. But there may be a situation where you may desire a user to have access to multiple groups at login but not necessarily all of the groups that he has rights to. In this case /etc/logingroup would be a separate file and would only contain the groups that he would have access to at login time.

The above is not true for 11.X OS, Solaris and AIX systems. Only HP-UX versions lower than 11.0 have this problem.

Piyush
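The separate-logingroup case described in the post above can be checked on copies of the three files. This is an added example, not part of the thread or of HP-UX; it assumes the standard name:passwd:gid:members layout, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: models the pre-11.0 login behaviour described in this thread.
# Works on copies of the files passed as arguments; sample data is constructed.
LC_ALL=C; export LC_ALL

# Groups in a group-format file (name:passwd:gid:members) that list user $1.
member_groups() {   # $1=user $2=file
    [ -f "$2" ] || return 0          # missing logingroup: no extra groups
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "$2"
}

# Primary group name: gid is field 4 of passwd, resolved via the group file.
primary_group() {   # $1=user $2=passwd $3=group
    gid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2")
    awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$3"
}

# Groups active immediately after login: primary plus logingroup memberships.
login_groups() {    # $1=user $2=passwd $3=group $4=logingroup
    { primary_group "$1" "$2" "$3"; member_groups "$1" "$4"; } |
        sort -u | paste -sd ' ' -
}

# Groups listed in the group file that would still need newgrp.
newgrp_only() {     # same arguments as login_groups
    active=" $(login_groups "$@") "
    member_groups "$1" "$3" | sort -u | while read -r g; do
        case "$active" in *" $g "*) ;; *) printf '%s\n' "$g" ;; esac
    done | paste -sd ' ' -
}

# Constructed sample: pdp has primary group Staff and is listed in Admin and Ops,
# but the separate logingroup file activates only Admin at login.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' 'pdp:*:1001:20::/home/pdp:/sbin/sh' > "$d/passwd"
printf '%s\n' 'Staff::20:' 'Admin::30:pdp,root' 'Ops::40:pdp' > "$d/group"
printf '%s\n' 'Admin::30:pdp' > "$d/logingroup"

echo "at login:    $(login_groups pdp "$d/passwd" "$d/group" "$d/logingroup")"
echo "newgrp only: $(newgrp_only  pdp "$d/passwd" "$d/group" "$d/logingroup")"
echo "no logingroup file: $(login_groups pdp "$d/passwd" "$d/group" "$d/missing")"
```

Run against copies of a real host's files, the "at login" line is what a least-privilege review should compare with the memberships granted in /etc/group.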
Jayesh shah
Frequent Advisor

Re: logingroup

Hi,

Thank you everybody.
Piyush, does it mean that the file /etc/logingroup on HP-UX 11.X is not used?

Can I remove the file from my system?


On similar lines, I wanted to know whether we can have any privileges associated with group and is there any file we can manipulate either directly or through some utility?

Regards,
Jayesh

Arockia Jegan
Trusted Contributor

Re: logingroup

Jayesh,

By default, in HP-UX 11.0 and above versions you won't see the logingroup file under the etc directory.


You can use "sudo" to assign privileges to groups. You can find the sudo software at the following link:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

After installing the sudo software, modify the sudoers file to set up the privileges for the users/groups.

Bill Hassell
Honored Contributor

Re: logingroup

/etc/logingroup is used *if* it exists. The contents of logingroup do not have to match /etc/group, although it would be a mess to manage if they were different. So I would remove /etc/logingroup (it's probably a symlink). In 11.0, when logingroup does not exist, the behavior is that each user is a member (has group privileges) of all groups listed in /etc/group.

Use the id command to show this membership. In 10.20, without logingroup, users will be a member of only one group.


Bill Hassell, sysadmin