Removing secondary groups with usermod -G

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Removing secondary groups with usermod -G

Steve Clarke-3
I have read on the hindernet, that to remove a user from a group,
you simply run usermod -G, and omit the group that you want the
user to be removed from.  These posts are often associated with
HPUX and Solaris.

The same does not work with OpenBSD, and on looking into the code
(user.c), it is clear that the functionality to remove users from a group is
simply not there.

This issue has been around for 10 years (see the following links):

http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2

I am looking for the ability to remove users from groups, and I am quite
capable of modifying user.c to provide compatibility, but there may be a
better way ...

My questions are:

1. Is there a different application which can be used to remove users
    from secondary groups? (I'd like to automate, so vi isn't an option)?

2. Should the -G switch be used to remove users from groups so the
   operation is consistent with that of HPUX and Solaris.

3. What is the ettiquette for agreeing an additional functionality, and
    submitting patches, once I've made the user.c modifications?

Thanks and Regards,

Steve C

CPB
Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

CPB
On Mon, Mar 21, 2011 at 05:50:37PM +0000, Steve Clarke wrote:

> I have read on the hindernet, that to remove a user from a group,
> you simply run usermod -G, and omit the group that you want the
> user to be removed from.  These posts are often associated with
> HPUX and Solaris.
>
> The same does not work with OpenBSD, and on looking into the code
> (user.c), it is clear that the functionality to remove users from a group is
> simply not there.
>
> This issue has been around for 10 years (see the following links):
>
> http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
> http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2
>
> I am looking for the ability to remove users from groups, and I am quite
> capable of modifying user.c to provide compatibility, but there may be a
> better way ...
>
> My questions are:
>
> 1. Is there a different application which can be used to remove users
>     from secondary groups? (I'd like to automate, so vi isn't an option)?
>
> 2. Should the -G switch be used to remove users from groups so the
>    operation is consistent with that of HPUX and Solaris.
>
> 3. What is the ettiquette for agreeing an additional functionality, and
>     submitting patches, once I've made the user.c modifications?
>
> Thanks and Regards,
>
> Steve C
>

I use a small script with sed to make one line changes in files.
It asks for the file location and what to match. making it substitute nothing  would remove a line from /etc/group or drop a single user and insert the changed line back. OpenBSD's form of sed requires you to output to a new file and mv that back to original. But that isn't a big deal.

I mostly use the script myself to change many html/css files to reflect a site or server wide change. Very fast and easy. And very  simple to automate.

Chris Bennett

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Stuart Henderson
In reply to this post by Steve Clarke-3
On 2011-03-21, Steve Clarke <[hidden email]> wrote:

> I have read on the hindernet, that to remove a user from a group,
> you simply run usermod -G, and omit the group that you want the
> user to be removed from.  These posts are often associated with
> HPUX and Solaris.
>
> The same does not work with OpenBSD, and on looking into the code
> (user.c), it is clear that the functionality to remove users from a group is
> simply not there.
>
> This issue has been around for 10 years (see the following links):
>
> http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
> http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2
>
> I am looking for the ability to remove users from groups, and I am quite
> capable of modifying user.c to provide compatibility, but there may be a
> better way ...
>
> My questions are:
>
> 1. Is there a different application which can be used to remove users
>     from secondary groups? (I'd like to automate, so vi isn't an option)?

I am fairly sure we don't have anything to do that.

> 2. Should the -G switch be used to remove users from groups so the
>    operation is consistent with that of HPUX and Solaris.

That makes sense to me.

> 3. What is the ettiquette for agreeing an additional functionality, and
>     submitting patches, once I've made the user.c modifications?

The best way is to send a diff to tech@ (cvs diff -u, inline in a
plaintext email body).

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Kevin Chadwick-2
In reply to this post by CPB
On Mon, 21 Mar 2011 13:18:41 -0500
Chris Bennett wrote:

> OpenBSD's form of sed requires you to output to a new file and mv that back to original. But that isn't a big deal.

I'm fairly sure that that is what all seds do but just hide it from the
user. Easier to use but raises questions about seding sensitive files,
not that I do.

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

William Boshuck
In reply to this post by CPB
On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:

> OpenBSD's form of sed requires you to output to a new file and
> mv that back to original.

.. or one could use ed, or perl, to change a file in place.

-wb

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Bret S. Lambert-2
On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck <[hidden email]> wrote:
> On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:
>
>> OpenBSD's form of sed requires you to output to a new file and
>> mv that back to original.
>
> .. or one could use ed, or perl, to change a file in place.

What happens if ed, or perl, corrupts a system file in place?

>
> -wb

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Piotr Dacko
--- On Tue, 3/22/11, Bret Lambert <[hidden email]> wrote:

> From: Bret Lambert <[hidden email]>
> Subject: Re: Removing secondary groups with usermod -G
> To: "William Boshuck" <[hidden email]>
> Cc: [hidden email]
> Date: Tuesday, March 22, 2011, 7:10 AM
> On Mon, Mar 21, 2011 at 9:45 PM,
> William Boshuck <[hidden email]>
> wrote:
> > On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris
> Bennett wrote:
> >
> >> OpenBSD's form of sed requires you to output to a
> new file and
> >> mv that back to original.
> >
> > .. or one could use ed, or perl, to change a file in
> place.
>
> What happens if ed, or perl, corrupts a system file in
> place?
>
> >
> > -wb
>
>
Hmm, do backup first?

piotr

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Paul de Weerd
In reply to this post by Bret S. Lambert-2
On Tue, Mar 22, 2011 at 06:10:21AM +0100, Bret Lambert wrote:
| On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck <[hidden email]> wrote:
| > On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:
| >
| >> OpenBSD's form of sed requires you to output to a new file and
| >> mv that back to original.
| >
| > .. or one could use ed, or perl, to change a file in place.
|
| What happens if ed, or perl, corrupts a system file in place?

The same thing that happens when sed creates a corrupt temporary file
that is then used to replace its input: brokenness.

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Ted Unangst-2
In reply to this post by Bret S. Lambert-2
perl doesn't actually edit the file in place, it just automates the tmp file
handling.

On Mar 22, 2011, at 1:10 AM, Bret Lambert <[hidden email]> wrote:

> On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck <[hidden email]>
wrote:

>> On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:
>>
>>> OpenBSD's form of sed requires you to output to a new file and
>>> mv that back to original.
>>
>> .. or one could use ed, or perl, to change a file in place.
>
> What happens if ed, or perl, corrupts a system file in place?
>
>>
>> -wb

Reply | Threaded
Open this post in threaded view
|

Re: Removing secondary groups with usermod -G

Steve Clarke-3
In reply to this post by Stuart Henderson
On Monday 21 Mar 2011 19:54:09 Stuart Henderson wrote:

> On 2011-03-21, Steve Clarke <[hidden email]> wrote:
> > I have read on the hindernet, that to remove a user from a group,
> > you simply run usermod -G, and omit the group that you want the
> > user to be removed from.  These posts are often associated with
> > HPUX and Solaris.
> >
> > The same does not work with OpenBSD, and on looking into the code
> > (user.c), it is clear that the functionality to remove users from a group
> > is simply not there.
> >
> > This issue has been around for 10 years (see the following links):
> >
> > http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
> > http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2
> >
> > I am looking for the ability to remove users from groups, and I am quite
> > capable of modifying user.c to provide compatibility, but there may be a
> > better way ...
> >
> > My questions are:
> >
> > 1. Is there a different application which can be used to remove users
> >     from secondary groups? (I'd like to automate, so vi isn't an option)?
>
> I am fairly sure we don't have anything to do that.
>
> > 2. Should the -G switch be used to remove users from groups so the
> >    operation is consistent with that of HPUX and Solaris.
>
> That makes sense to me.
>
> > 3. What is the ettiquette for agreeing an additional functionality, and
> >     submitting patches, once I've made the user.c modifications?
>
> The best way is to send a diff to tech@ (cvs diff -u, inline in a
> plaintext email body).
>

Thanks Stuart, that's pointed me in exactly the right direction ... Ill give
it a go!  Best Regards, Steve!