31

BACKGROUND

Trevor logs into his account on ssh://foobar.university.edu as one of the developers on the box, and he gets the message:

 id: cannot find name for group ID 131

Trevor then checks this out using 

 vim /etc/group

PROBLEM

Trevor discovers that there is no 131 anywhere in the /etc/group file.

Trevor then runs id ...

 > id trevor
 uid=4460(trevor) gid=131 groups=48(foobar),51(doobar),131

To discover his primary group apparently does not have a name attached to it.

QUESTIONS

  • What likely happened to cause this circumstance on the foobar.university.edu box ?
  • Suppose trevor wants to fix this (e.g., by just creating a "trevor" group that maps to GID 131) what is the best way to do this without potentially breaking anything else on the server ?
dreftymac
  • 717
  • 2
  • 7
  • 10

3 Answers3

24

What likely happened is that the UID and GID are provided to the server via LDAP. If the /etc/group file doesn't contain the translation for the GID, then the server administrators likely just failed to update the group definitions. What can you do? Not much. The user id is controlled by the administrator. (Now if you happen to have ROOT privileges, you can add the group into /etc/group. You should also check to see if any other user accounts are using the same group, and if they are, name the group appropriately).

sparticvs
  • 2,689
  • 14
  • 22
  • 7
    Thanks for the reply. Additional note: If you do have sufficient privileges; adding to group file can be done via `groupadd --gid 131 foobargroup` – dreftymac Nov 06 '12 at 01:54
  • @dreftymac Assuming that running `id` reports the same ID for uid, gid and groups, I guess it is safe to `groupadd -gID username`? – XXX Jul 09 '16 at 07:46
  • If this account was configured using an sssd with ldap/ad, another possibility(if you have root access on your system) is that your ldap_group_search_base attribute isn't general enough, and doesn't contain the group your system is searching for. – nobody Jul 29 '19 at 17:46
  • what does it mean "file doesn't contain the translation for the GID"? can you elaborate please? – Gulzar Feb 14 '23 at 09:34
  • @Gulzar What I mean by "translation here" is that when looking up the GID in `/etc/group` if there isn't a key with the GID, then it can't tell you who is in the group. – sparticvs Mar 09 '23 at 14:47
5

This happened when my user "jackson" wasn't assigned a group. I knew the solo group id for my user was 1000 (when a user is created with $ adduser and no parameters are defined, the user is assigned the next ids available beyond 999. The first getting uid 1000 and gid 1000).

This warning means your user does not belong to a group so what you need to do is to add the user to a group. Either have your admin help you like @sparticvs mentioned or if you have root privileges / it's your machine you can do the following:

$ addgroup [your_user_name]
$ usermod -a -G [your_user_name] [your_user_name]

And that should fix it (untested)

What I did was simply (advanced)

  • $ sudo vi /etc/group
  • modify the line of web:x:1001: to web:x:1000:jackson

Which made my user jackson belong to the web group.

FYI if you're not familiar with vim I do not recommend the "advanced" steps, if you're really really desperate use $ sudo nano /etc/group

Jacksonkr
  • 201
  • 2
  • 10
  • good job on the **advanced** disclaimer ... that could cause some unhappiness and breakage if one were not aware of the implications. – dreftymac Jan 06 '17 at 15:22
  • 2
    A better option than using `vi` directly is to use the specialised version, [vigr](http://www.unix.com/man-page/freebsd/8/vigr/). It makes a temporary copy and checks the syntax before saving, making it a lot safer when editing such an important. It's available in BSD and GNU/Linux (from the `util-linux` package). Similar tools exist for other important files, e.g., `vipw`, `visudo` . – Anthony Geoghegan Jul 31 '17 at 20:54
2

This can also happen if you are running a VM that usually gets its data from LDAP, but is unable to connect. I'm sure that there's a way to fix this, but I usually just reboot it once the connection is available again.

gbronner
  • 121
  • 3