FW: Speed comp. TNG & 2.2.alpha (fwd)

Peter Samuelson peter at cadcamlab.org
Thu Mar 1 08:03:47 GMT 2001

[Andrew Bartlett]
> The way to tell if a group is a private group is fairly simple - a
> simple getgrnam call tells you if there are any non-primary members

Are you sure?  The man page on my system does not actually say that.
Sure, the usual Unix implementation of getgrnam() only reads /etc/group
and not /etc/passwd, but thanks to NSS, many people do not use the
usual Unix implementation of getgrnam() anymore.

Also consider AIX: the 'mkuser' utility automatically puts you in
/etc/group.  (I know this because I had to debug it once: I was
creating hundreds of users from a script, and managed to exceed the
line length limit of some tool that reads /etc/group.)

> A final check would be if no other users have this as their primary
> gid.

So you have to iterate through getpwent() every time?  Bad.  Remember,
systems like NIS are optimized for getpwnam() -- it is *much* more
efficient than a loop through getpwent().  (Granted, with a local
/etc/passwd file they are equivalent.)

> In any case, it would be good to get a list of all groups on a system
> and not see all the private groups setup for each individual user
> when all I want to see is admins, staff and students - if you see
> what I mean.

Here's another way to attack the problem.  Samba could have a magic NT
group name (say 'nogroup') defined to be invisible to clients, and a
syntax for a wildcard Unix group name in your group map file.


More information about the samba-ntdom mailing list