Mogens Kjaer wrote:
The start looks OK on the machine that this problem first appeared on, and on another machine I'm using as a test box.This is very strange.
Does the start of this file look OK?
I've reproduced the problem on another machine and now will go back and isolate what in particular is causing the issue.
It appears that successive adding of users to a group causes each group and subsequent groups below it to grow incredibly. The gshadow file is full of Hex 2c characters.
Here's an xxd dump of a portion of the gshadow file. 0001130: 2c2c 2c2c 2c2c 2c2c 2c0a 6265 636b 793a ,,,,,,,,,.becky: 0001140: 213a 3a2c 212c 2c2c 2c2c 2c21 2c2c 2c21 !::,!,,,,,,!,,,! 0001150: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001160: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001170: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001180: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001190: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 00011a0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 00011b0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 00011c0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 00011d0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 00011e0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 00011f0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001200: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001210: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001220: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,, 0001230: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
The top portion of the file looks much more reasonable, until you get to the first group I added - alan.
00001a0: 6d73 703a 783a 3a0a 7063 6170 3a78 3a3a msp:x::.pcap:x::
00001b0: 0a61 7061 6368 653a 783a 3a0a 7371 7569 .apache:x::.squi
00001c0: 643a 783a 3a0a 7765 6261 6c69 7a65 723a d:x::.webalizer:
00001d0: 783a 3a0a 7866 733a 783a 3a0a 6e74 703a x::.xfs:x::.ntp:
00001e0: 783a 3a0a 6764 6d3a 783a 3a0a 616c 616e x::.gdm:x::.alan
00001f0: 3a21 3a3a 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c :!::,,,,,,,,,,,,
0000200: 2c2c 212c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,!,,,,,,,,,,,,,
0000210: 2c2c 2c2c 2c2c 2c21 2c2c 2c2c 2c61 6c61 ,,,,,,,!,,,,,ala
0000220: 6e0a 616c 616e 643a 213a 3a2c 212c 2c2c n.aland:!::,!,,,
0000230: 2c2c 2c21 2c2c 2c21 2c2c 2c2c 2c2c 2c2c ,,,!,,,!,,,,,,,,
0000240: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
0000250: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
0000260: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
0000270: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 0a61 ,,,,,,,,,,,,,,.a
0000280: 6c61 6e74 3a21 3a3a 2c21 2c2c 2c2c 2c2c lant:!::,!,,,,,,
0000290: 212c 2c2c 212c 2c2c 2c2c 2c2c 2c2c 2c2c !,,,!,,,,,,,,,,,
00002a0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
00002b0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
00002c0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
00002d0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
00002e0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
00002f0: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
0000300: 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c ,,,,,,,,,,,,,,,,
Then I added aland, followed by alant, etc. It seems like each user/group is taking up more and more space full of hex 2c's.
I'm adding users from a script which is creating them in alphabetical order. That script was created on another box where I wrote a perl script to analyze that machines users and groups and it wrote the bash script, a portion of it shown below: I need users and groups on one machine to be equal to them on another machine including their UID and GID, so the script creates things in a sequence that guarantees I get the UID and GID I need.
What you see here is what is actually running to cause the problem, but there's nothing being executed but simple commands. I'm not writing to any of the passwd, group, shadow, or gshadow files myself. The normal utilities are doing it.
#### alan
if ! userexists alan; then
if ! gidexists 573 alan; then
if ! groupadd -g 573 alan; then
echo groupadd for 573 alan failed.
exit 1
fi
fi
if gidexists 573 alan; then
if ! /usr/sbin/useradd -u 572 -g 573 -d /home/alan -s /bin/bash -c 'Alan Glubber ' alan; then
echo useradd for user 572 alan failed.
exit 1
fi
else
echo useradd for 572 alan not attempted due to gid non existence.
exit 1
fi
else
echo LoginID alan already exists on this box. Skipping this user.
fi
if ! /usr/sbin/usermod -G sambashare,alan alan; then
echo usermod -G sambashare,alan alan failed.
exit 1
fi
if ! /usr/sbin/usermod -p '$1$aTDwruOO$ZTuCh9CCE9W8T1zJSlwjB.' alan; then
echo usermod -p for alan failed.
exit 1
fi
If you're wondering how some of the functions are written, here they are: userexists() { usermod -U ${1} 2>/dev/null return $? }
groupexists() {
groupmod ${1} 2>/dev/null
return $?
}gidexists() {
local groupID
if [ $# -eq 2 ]; then
if groupexists ${2}; then
groupID=$(egrep "^$2:" /etc/group)
groupID=${groupID%:*}
groupID=${groupID##*:}
[ "${groupID}" == "${1}" ] && return 0
return 1
else
return 1
fi
else
groupID=$(grep ${1} /etc/group|sed 's/^[^:]*:[^:]*://'|sed 's/:.*//'|sed "
/^${1}$/!d")
[ "${groupID}" == "${1}" ] && return 0
return 1
fi
}-- Bill Gradwohl bill@xxxxxxx http://www.ycc.com spamSTOMPER Protected email
