Good morning everyone. This morning when I came in my boss said that he doesn't have access to the R: drive, which is a samba share to a folder called RP. I looked in /etc/group and his username was not in there. He's had access to this group for years, since before I was at the company. Yesterday I added a new employee to two other groups, saved the change and exited, and I took out an old username out of a few groups but I did not touch my boss's username at all. Is there any kind of trace log that shows changes to a group or to /etc/group that tracks / logs all individual changes that I can trace back to what might have happened that's turned on in the system, to show changes to /etc/group, or does that only get captured through an outside backup?
Chris
Hi Chris,
You didn't tell us how you've managed the users/groups. Usually this is tracked in /var/log/secure like so:
Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/group: name=apache, GID=48
Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/gshadow: name=apache
Mar 2 09:57:42 dhcp-157 groupadd[23761]: new group: name=apache, GID=48
Mar 2 09:57:42 dhcp-157 useradd[23769]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
Regards, Simon
Typically I just adjust who is a member of the group by editing the group using vi /etc/group. The group has full rwx access to the share folder. I don't see listings like your examples in /var/log/secure, but there are entries for ssh authentication, etc. Where do I look in the samba config file to find that listing?
Chris
On 3/5/2021 9:39 AM, Simon Matter wrote:
> Hi Chris,
> You didn't tell us how you've managed the users/groups. Usually this is tracked in /var/log/secure like so:
> Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/group: name=apache, GID=48
> Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/gshadow: name=apache
> Mar 2 09:57:42 dhcp-157 groupadd[23761]: new group: name=apache, GID=48
> Mar 2 09:57:42 dhcp-157 useradd[23769]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
> Regards, Simon
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Fri, 5 Mar 2021, Christopher Wensink wrote:
> Typically I just adjust who is a member of the group by editing the group using vi /etc/group
Editing /etc/group is not recommended. Changes aren't logged and it's easy to make mistakes. It's better to use:
groupadd to create groups
gpasswd to add or remove users
(usermod can also add users to a group but gpasswd is safer).
Or at least use vigr to modify /etc/group.
Simon
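Added example, not part of the thread or written by any of its participants: since hand edits to /etc/group leave no log entry, one way to reconstruct what changed is to compare an older copy of the file (for example from a backup) with the current one, and to flag lines a hand edit left malformed. The group and user names and both sample files are constructed for illustration.

```python
# Added example: diff two copies of /etc/group and flag malformed lines.
# All group names, user names and file contents below are constructed.

def parse_group(text):
    """Return ({group: set(members)}, [(lineno, line)]) for group(5) text."""
    groups, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # group(5) format: name:password:GID:comma-separated member list
        if len(fields) != 4 or not fields[0] or not fields[2].isdigit():
            bad.append((n, line))  # e.g. a ':' deleted during a vi edit
            continue
        groups[fields[0]] = {m.strip() for m in fields[3].split(",") if m.strip()}
    return groups, bad

def diff_groups(old_text, new_text):
    """List membership changes between an older and a newer group file."""
    old, _ = parse_group(old_text)
    new, bad = parse_group(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            # Group vanished or its line no longer parses: members lose access.
            changes.append(("group-missing", name, sorted(old[name])))
            continue
        before = old.get(name, set())
        for user in sorted(before - new[name]):
            changes.append(("removed", name, user))
        for user in sorted(new[name] - before):
            changes.append(("added", name, user))
    return changes, bad

# Constructed sample: a backup copy vs. the file after a hand edit.
BACKUP = "rp:x:1001:boss,alice,olduser\nsales:x:1002:alice,olduser\nops:x:1003:bob\n"
CURRENT = "rp:x:1001:alice\nsales:x:1002:alice,newhire\nops:x:1003bob,newhire\n"

if __name__ == "__main__":
    changes, bad = diff_groups(BACKUP, CURRENT)
    for kind, group, who in changes:
        print(f"{kind:14} {group:8} {who}")
    for lineno, line in bad:
        print(f"malformed line {lineno}: {line!r}")
```

In the sample, removing "olduser" from the rp line also dropped "boss", and a deleted colon made the ops line unparseable; both show up in the report.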