su: group not found: root

[michal.sviba]

Hi,
every time when I login as root (Putty login, su -) there is new line in /var/log/messages

Oct 23 10:33:38 x su[90032]: group not found: root
Oct 23 10:33:38 x syslogd: last message repeated 1 times

Same does sudo when I use it:

Oct 23 10:33:54 x sudo[90073]: group not found: michal
Oct 23 10:33:55 x sudo[90077]: group not found: michal
Oct 23 10:33:56 x sudo[90080]: group not found: michal
Oct 23 10:33:57 x sudo[90083]: group not found: michal
Oct 23 10:34:00 x sudo[90119]: group not found: michal
Oct 23 10:34:08 x sudo[90168]: group not found: michal

User michal has group wheel. Plenty of years it was working without this message.

I've recompile login.conf db, I've re-saved password with vipw. But without success. On this machine runs few jails. Inside of jails isn't this problem. Using 13.2-RELEASE-p4 GENERIC amd64. And I don't know when it started. Logs are already gone.

Can someone please help me fix it?
Thanks

 

[SirDice]

There is no 'root' group, it does exist on Linux, and I suspect you got confused. What does id michal output?

 

[michal.sviba]

root@x:~ # id michal
uid=1001(michal) gid=0(wheel) groups=0(wheel)

 

[SirDice]

Your primary group is wheel, that's not good. That should be 'michal'. You probably messed up with pw usermod trying to add the wheel group.

Anyway, what does getent group michal and getent passwd michal output?

 

[michal.sviba]

getent group michal returns nothing
getent passwd michal returns password line
michal:$6$******:1001:0:Michal:/home/michal:/bin/csh

Same result on another installation, where is not this problem.

 

[michal.sviba]

You probably messed up with pw usermod trying to add the wheel group.

I wasn't using this command years . But I did freebsd-update from 12->13.

 

[SirDice]

getent group michal returns nothing
getent passwd michal returns password line
michal:$6$******:1001:0:Michal:/home/michal:/bin/csh

You typically create a user account with a user group attached to it. I.e. user michal and group michal (same GID as the UID). Not saying this is wrong, just not common.
What does getent group output?

But I did freebsd-update from 12->13.

If I recall correctly that merges some things in /etc/group and /etc/passwd, that might have gone wrong.

 

[michal.sviba]

/etc/group is long and has irelevant users for this problem. But its really looks same as another installation.
# getent group | grep root
wheel:*:0:root
operator:*:5:root

 

[SirDice]

Ok, that looks as it should. What's in /etc/pam.d/su? Particularly this line:

auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser

Note that it should say group=wheel there.

 

[michal.sviba]

/etc/pam.d/su

#
# $FreeBSD$
#
# PAM configuration for the "su" service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so

 

[SirDice]

That looks good. Odd, why is su(1) looking for a root group? That group shouldn't exist, so why is it looking for it?

Oct 23 10:33:38 x su[90032]: group not found: root

What does id root show?

 

[michal.sviba]

That looks good. Odd, why is su(1) looking for a root group? That group shouldn't exist, so why is it looking for it?

Oct 23 10:33:38 x su[90032]: group not found: root

What does id root show?

Exactly, and it's reason why I've created registration here on freebsd forum and asked

I've found nothing by my self and nothing on Google.

I've also check md5sum of su

 

[SirDice]

Looking at the PID, it seems to be started from some other process, some script maybe? Something running through cron(8) perhaps?

 

[michal.sviba]

# id root
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

 

[SirDice]

That looks good too, no root group there.

 

[michal.sviba]

Looking at the PID, it seems to be started from some other process, some script maybe? Something running through cron(8) perhaps?

No, it was me from Putty

 

[SirDice]

What was the exact command you ran?

 

[michal.sviba]

su -

 

[SirDice]

That's not very exciting, is it? Do you get the error about the group everytime you run su -? Still don't have a clue where it gets that root group from.

 

[michal.sviba]

Yes, everytime when I use su -. I overlooking it last weeks. But then I started to use sudo in Pyton script (almost every second) and sudo logs it too. So my logs are now flooded. So I've started to investigate it, but still without success

 

[VladiBG]

If the passwd and group file looks ok you may generate new password database with pwd_mkdb -p /etc/master.passwd

 

[michal.sviba]

If the passwd and group file looks ok you may generate new password database with pwd_mkdb -p /etc/master.passwd

I did it by re-saving vipw. I did it now again. But problem still presents

 

[michal.sviba]

I've tried gdb su and (gdb) run - but it has not showed anything but "warning: Can't read pathname for load map."

 

[michal.sviba]

I see that sshd do it to when I log in

sshd[14746]: group not found: michal

 

[SirDice]

Is there a difference if you do su and su -? If the first doesn't trigger the error the issue might be in root's .cshrc. Also check /etc/login.conf for any merge issues from the upgrade that may have been left.