I have a Solaris 10 system inherited from several previous admins. While trying to decipher a permissions issue, I ran "grpck" and it reported a ton of errors. Among them were these:
- group name too long
- group name contains illegal characters (special chars or caps)
- group membership duplicated (for example, the LDAP server contains a group named bosco with user Joe and there is a local group in /etc/group called bosco with user Joe.
While grpck reports these as errors/problems, how serious is it? Should it be fixed immediately? Is it causing problems I can't see? Or does Solaris really only care about the GID and the name attached to that GID is just a convenience for humans? Anyone think of any "gotchas" that could result from fixing the length/characters/etc. in /etc/group or LDAP?
I would consider a minimalist approach. It looks like the old system was using standalone authentication, then LDAP was added. Poorly. If LDAP has foo with group number 111 and /etc/group has foo with 122 it can affect what you see -- tools that show file ownership and permissions or /etc/passwd when changing or adding groups to an account. Like ls, passwd, chown, chgrp, id
Applications generally use the group number NOT the name to resolve file access.
BEFORE you change anything, check to see what a group (using the group number)
is assigned to: file ownership is the important one. If you have sudo also verify that name and its use in /etc/sudoers .
If you want to change anything consider only using groupmod to change the name e.g., from foo to foo1
Do not change the group numbers as a first fix. And consider LDAP as the 'truth' in the choice of names.
Also check all of the applications scripts for hardcoded group names. You will have to rectify those entries when you change the spelling of the group name.
grpck checks for SysV compliance.
The Solaris 10 OS is more tolerant than SysV is, but applications might have problems.
For permissions only the GID matters. While I am in doubt with NFSv4.