RE: getgroup invalid argument in /var/adm/messages {SOLVED}
From: Schubert, John [NTWK SVCS] (jschub01_at_sprintspectrum.com)
Date: 07/25/03
Date: Fri, 25 Jul 2003 09:05:12 -0500 To: "Schubert, John [NTWK SVCS]" <jschub01@sprintspectrum.com>
Thanks for the help. This ended up not being an SSH problem, but a sys admin problem. Our network security is managing user accounts, and apparently their script just adds new users to the end of the group file (rather than filing them neatly within the existing group entries).
Long story short: I trimmed, by hand, the /etc/group file from 3500 lines down to 238 (I love VI :-) I left a "tail -f /var/adm/messages | grep -i sshd" running all night and it was clean this morning. So the system is happy.
Long story Longer: I know this isn't exactly SSH related, but I'll share for anyone who may not be familiar with managing large numbers of users.
Example of clean way of adding users to a group file:
root::0:
group1::100:user1,user2,user3,user4... (however, try to keep number of users per line from wrapping to next line)
group2::101:user1,user3
group3::102:user2,user4
Dirty way of managing /etc/group (and a small example of what I found)
root::0:root
group1::100:
group1::100:user1
group3::102:user4
group1::100:user2,user3
group2::101:user3
group2::101:user1
group3::102:user4
group1::100:user4
This is what caused SSHd to complain as it tried to find the groups each user was within. It's also murder to look at and manage. I have a hunch users were also experiencing slowdowns upon trying to log in. I've put a call in to try and get them to change their ways before the rest of the servers start complaining.
Thanks again,
John
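The cleanup described above, as an added example that is not part of the original thread: a shell/awk sketch that merges every line sharing a group name into one entry and then counts group memberships per user. The function names are hypothetical, the sample data is the fragmented file from the message, and the usual name:passwd:gid:members format is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
write_sample() {   # constructed sample: the fragmented file from the message
cat > "$1" <<'EOF'
root::0:root
group1::100:
group1::100:user1
group3::102:user4
group1::100:user2,user3
group2::101:user3
group2::101:user1
group3::102:user4
group1::100:user4
EOF
}

# Merge all lines sharing a group name into one entry, written to stdout.
# The input file is only read, never edited in place.
merge_group_file() {
    awk -F: '
    /^[ \t]*$/ || /^#/ { next }                       # blank or comment line
    NF < 4 { printf("line %d malformed, skipped\n", NR) | "cat 1>&2"; next }
    {
        g = $1
        if (!(g in gid)) {                            # first sighting of this group
            order[++n] = g; pw[g] = $2; gid[g] = $3
        } else if (gid[g] != $3) {                    # same name, different GID
            printf("line %d: GID conflict for %s\n", NR, g) | "cat 1>&2"; next
        }
        cnt = split($4, m, ",")
        for (i = 1; i <= cnt; i++) {
            u = m[i]
            if (u == "" || ((g, u) in seen)) continue # drop empties and repeats
            seen[g, u] = 1
            members[g] = (members[g] == "" ? u : members[g] "," u)
        }
    }
    END { for (i = 1; i <= n; i++) { g = order[i]; printf("%s:%s:%s:%s\n", g, pw[g], gid[g], members[g]) } }
    ' "$1"
}

# List "count user" pairs, most group memberships first.
groups_per_user() {
    merge_group_file "$1" | awk -F: '
    { c = split($4, m, ","); for (i = 1; i <= c; i++) if (m[i] != "") n[m[i]]++ }
    END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

sample="${TMPDIR:-/tmp}/group.sample.$$"
write_sample "$sample"
merge_group_file "$sample"; groups_per_user "$sample"; rm -f "$sample"
```

Lines whose GID disagrees with the first entry for that group name are reported on stderr and left out of the merge, so they can be resolved by hand before the merged file replaces the original.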
-----Original Message-----
From: Schubert, John [NTWK SVCS]
Sent: Thursday, July 24, 2003 3:25 PM
To: Ramin Dousti; djtech@djtech.org
Cc: secureshell@securityfocus.com
Subject: RE: getgroup invalid argument in /var/adm/messages
I believe you're right. I grep'd with the word count (provided below), and came up with 0. I decided to manually go through the file (I'm in the midst of doing it right now) and there are no instances of ssh/d.
The groups file is a means of administering user permissions to groups of files, not processes having permissions for users. However, I wasn't going to argue :-) With the exception of "mail" I don't believe any processes are normally found in /etc/group. Given the sporadic nature of the alarms, it made me believe that it was related to both users logging in and CRONjobs/scripts. With the explanation you provide, it falls in line with what I was thinking. I know in the past we've had problems with some processes due to too many groups in the /etc/group file. I believe NFS or something has a hard time with large numbers of groups in Solaris8.
As I mentioned, I'm editing by hand. So possibly tomorrow I will post a message here. I'll append the subject with <SOLVED> or some telltale.
Thanks again, this is why I love OpenSource !!! You guys are a tremendous help, and hope I can contribute something in return.
John
-----Original Message-----
From: Ramin Dousti [mailto:ramin@cannon.eng.us.uu.net]
Sent: Thursday, July 24, 2003 3:06 PM
To: djtech@djtech.org
Cc: Schubert, John [NTWK SVCS]; Ramin Dousti; secureshell@securityfocus.com
Subject: Re: getgroup invalid argument in /var/adm/messages
I might be wrong but I don't think it's a matter of "sshd" belonging to what
groups. It's the user who is logging into the machine, for whom a forked sshd
is running, belonging to what groups. (I hope my statement is grammatically
correct ;-)
Ramin
On Thu, Jul 24, 2003 at 03:17:20PM -0400, djtech@djtech.org wrote:
> Sounds like SSH is doing its job then. To see how many groups sshd is in, use
> this cmd:
>
> grep -v ^# /etc/group|grep sshd|wc -l
>
> Quoting "Schubert, John [NTWK SVCS]" <jschub01@sprintspectrum.com>:
>
> > The only assigned groups I'm aware of are the GID assigned within /etc/group.
> > I decided to take a look at the server's /etc/group file and was astounded.
> > Their group file was thousands of lines long, with dozens blank or containing
> > only a single name for a group. I have a script that we built for rogue
> > systems which we were taking over sys admin duties that also have a group
> > file out of control. So I will run this script and see if the nagging alarm
> > goes away.
> >
> > There were so many lines, I couldn't tell you how many groups are in the
> > file. I would estimate 18-25.
> >
> > Thanks..
> > John
>