RE: getgroup invalid argument in /var/adm/messages
From: Schubert, John [NTWK SVCS] (jschub01_at_sprintspectrum.com)
Date: 07/24/03
- Previous message: Ramin Dousti: "Re: getgroup invalid argument in /var/adm/messages"
- Maybe in reply to: Schubert, John [NTWK SVCS]: "getgroup invalid argument in /var/adm/messages"
Date: Thu, 24 Jul 2003 15:25:00 -0500
To: "Ramin Dousti" <ramin@cannon.eng.us.uu.net>, <djtech@djtech.org>
I believe you're right. I grep'd with the word count (provided below), and came up with 0. I decided to manually go through the file (I'm in the midst of doing it right now) and there are no instances of ssh/d.
The groups file is a means of administering user permissions to groups of files, not processes having permissions for users. However, I wasn't going to argue :-) With the exception of "mail" I don't believe any processes are normally found in /etc/group. Given the sporadic nature of the alarms, it made me believe that it was related to both users logging in and CRONjobs/scripts. With the explanation you provide, it falls in line with what I was thinking. I know in the past we've had problems with some processes due to too many groups in the /etc/group file. I believe NFS or something has a hard time with large numbers of groups in Solaris 8.
As I mentioned, I'm editing by hand. So possibly tomorrow I will post a message here. I'll append the subject with <SOLVED> or some telltale.
Thanks again, this is why I love OpenSource !!! You guys are a tremendous help, and hope I can contribute something in return.
John
-----Original Message-----
From: Ramin Dousti [mailto:ramin@cannon.eng.us.uu.net]
Sent: Thursday, July 24, 2003 3:06 PM
To: djtech@djtech.org
Cc: Schubert, John [NTWK SVCS]; Ramin Dousti; secureshell@securityfocus.com
Subject: Re: getgroup invalid argument in /var/adm/messages
I might be wrong but I don't think it's a matter of "sshd" belonging to what
groups. It's the user who is logging into the machine, for whom a forked sshd
is running, belonging to what groups. (I hope my statement is grammatically
correct ;-)
Ramin
On Thu, Jul 24, 2003 at 03:17:20PM -0400, djtech@djtech.org wrote:
> Sounds like SSH is doing its job then. To see how many groups sshd is in, use
> this cmd:
>
> grep -v ^# /etc/group|grep sshd|wc -l
>
> Quoting "Schubert, John [NTWK SVCS]" <jschub01@sprintspectrum.com>:
>
> > The only assigned groups I'm aware of are the GID assigned within /etc/group.
> > I decided to take a look at the server's /etc/group file and was astounded.
> > Their group file was thousands of lines long, with dozens blank or containing
> > only a single name for a group. I have a script that we built for rogue
> > systems which we were taking over sys admin duties that also have a group
> > file out of control. So I will run this script and see if the nagging alarm
> > goes away.
> >
> > There were so many lines, I couldn't tell you how many groups are in the
> > file. I would estimate 18-25.
> >
> > Thanks..
> > John
>
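The thread turns on two checks: how many groups each login user (not sshd) is listed in, and how many blank or malformed lines the group file carries. The script below is an added example, not code from any poster in this thread; the limit of 16, the function names and the sample data are assumptions, and membership through the primary GID in /etc/passwd is not counted.

```shell
#!/bin/sh
# Added example (not from the thread): audit a group(4)-format file.
LIMIT=${LIMIT:-16}   # assumed per-user group limit; confirm with: getconf NGROUPS_MAX

# Print "user count" for every user named in a member list (field 4).
groups_per_user() {
    awk -F: '
        /^#/ || NF != 4 { next }          # skip comments, blank and malformed lines
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] != "") count[m[i]]++ }
        END { for (u in count) print u, count[u] }
    ' "$1" | sort
}

# Print users that appear in more than LIMIT member lists.
over_limit() {
    groups_per_user "$1" | awk -v lim="$2" '$2 > lim { print $1 }'
}

# Count non-comment lines that are blank or lack the four colon-separated fields.
malformed_lines() {
    awk -F: '/^#/ { next } NF != 4 { bad++ } END { print bad + 0 }' "$1"
}

# Constructed sample: user "jdoe" in 17 groups, "ops" in 2, plus three bad lines.
make_sample() {
    i=1
    while [ "$i" -le 17 ]; do
        echo "grp$i::$((200 + i)):jdoe"
        i=$((i + 1))
    done > "$1"
    printf '%s\n' 'staff::10:ops,jdoe2' 'mail::6:ops' '' 'orphan' 'short:x:99' >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
echo "users over $LIMIT groups: $(over_limit "$sample" "$LIMIT")"
echo "blank or malformed lines: $(malformed_lines "$sample")"
rm -f "$sample"
```

To audit a real system, call `over_limit` and `malformed_lines` on a copy of /etc/group instead of the constructed sample.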