You are not logged in.

#1 2018-02-15 08:00:14

bachtiar
Member
Registered: 2005-02-08
Posts: 34

Duplicate entries in /etc/group

I've noticed shadow.service failing due to duplicate entries in /etc/group and /etc/gshadow for ftp, daemon, bin and mail.

I didn't touch any of those files and the installation is brand new (i.e. a week old, just a handful of upgraded packages, no mentions about .pacnew files etc.)

I wonder what is causing duplicates and why? Which gid's are correct and should be used?

Last edited by bachtiar (2018-02-15 08:05:09)

Offline

#2 2018-02-28 13:55:46

digor
Member
Registered: 2018-02-28
Posts: 7

Re: Duplicate entries in /etc/group

I faced the same problem.

# pacstrap -i -c arch/ base --ignore linux
# arch-chroot arch/
# grpck -r
duplicate group entry
delete line 'ftp:x:11:'? No
duplicate group entry
delete line 'mail:x:12:'? No
duplicate group entry
delete line 'daemon:x:982:bin'? No
duplicate group entry
delete line 'bin:x:981:daemon'? No
duplicate group entry
delete line 'bin:x:1:daemon'? No
duplicate group entry
delete line 'daemon:x:2:bin'? No
duplicate group entry
delete line 'mail:x:980:'? No
duplicate group entry
delete line 'ftp:x:14:'? No
duplicate shadow group entry
delete line 'ftp:!!::'? No
duplicate shadow group entry
delete line 'mail:!!::'? No
duplicate shadow group entry
delete line 'daemon:!!::bin'? No
duplicate shadow group entry
delete line 'bin:!!::daemon'? No
duplicate shadow group entry
delete line 'bin:!!::daemon'? No
duplicate shadow group entry
delete line 'daemon:!!::bin'? No
duplicate shadow group entry
delete line 'mail:!!::'? No
duplicate shadow group entry
delete line 'ftp:!!::'? No
grpck: no changes

Offline

#3 2018-02-28 23:12:07

digor
Member
Registered: 2018-02-28
Posts: 7

Re: Duplicate entries in /etc/group

The problem seems to be caused by systemd-sysusers which runs during the installation of systemd-237.64-1 (.INSTALL:14).
I have tried to install packages one by one and found out the problem occurs when systemd creates groups for the first time.

Moreover, after removing all that groups and running systemd-sysusers manually I got this output:

# systemd-sysusers
Creating group sys with gid 3.
Creating group mem with gid 8.
Creating group ftp with gid 11.
Creating group mail with gid 12.
Creating group log with gid 19.
Creating group smmsp with gid 25.
Creating group proc with gid 26.
Creating group games with gid 50.
Creating group lock with gid 54.
Creating group network with gid 90.
Creating group floppy with gid 94.
Creating group scanner with gid 96.
Creating group power with gid 98.
Creating group adm with gid 999.
Creating group wheel with gid 998.
Creating group kmem with gid 997.
Creating group tty with gid 5.
Creating group utmp with gid 996.
Creating group audio with gid 995.
Creating group optical with gid 994.
Creating group uucp with gid 993.
Creating group disk with gid 992.
Creating group input with gid 991.
Creating group kvm with gid 990.
Creating group lp with gid 989.
Creating group render with gid 988.
Creating group storage with gid 987.
Creating group video with gid 986.
Creating group users with gid 985.
Creating group systemd-journal with gid 984.
Creating group rfkill with gid 983.
Creating group daemon with gid 982.
Creating group bin with gid 981.
Creating group bin with gid 975.
Creating group daemon with gid 974.
Creating group mail with gid 973.
Creating group ftp with gid 972.
Creating group http with gid 971.
Creating group nobody with gid 970.
Creating group dbus with gid 969.
Creating group systemd-journal-remote with gid 968.
Creating group systemd-network with gid 967.
Creating group systemd-resolve with gid 966.
Creating group systemd-coredump with gid 965.
Creating group uuidd with gid 964.

ftp, mail, daemon, bin had been created twice.

Last edited by digor (2018-02-28 23:16:20)

Offline

#4 2018-02-28 23:19:51

loqs
Member
Registered: 2014-03-06
Posts: 6,386

Re: Duplicate entries in /etc/group

Can you try the following and see what entries there are for ftp,  it looks like sysusers.d is creating the second entry with an automatically assigned gid so is there a matching config entry for that or a bug?

$ grep ftp /usr/lib/sysusers.d/*.conf /run/sysusers.d/*.conf /etc/sysusers.d/*.conf

Offline

#5 2018-02-28 23:28:38

digor
Member
Registered: 2018-02-28
Posts: 7

Re: Duplicate entries in /etc/group

# grep ftp /usr/lib/sysusers.d/*.conf /run/sysusers.d/*.conf /etc/sysusers.d/*.conf
/usr/lib/sysusers.d/arch.conf:# groups first, because we have user/group id mismatch on ftp and mail
/usr/lib/sysusers.d/arch.conf:g ftp 11 - -
/usr/lib/sysusers.d/arch.conf:u ftp 14 - /srv/ftp
grep: /run/sysusers.d/*.conf: No such file or directory
grep: /etc/sysusers.d/*.conf: No such file or directory

Offline

#6 2018-02-28 23:59:43

loqs
Member
Registered: 2014-03-06
Posts: 6,386

Re: Duplicate entries in /etc/group

Copying /etc/* as supplied by filesystem back into the chroot then rerunning with debug

# SYSTEMD_LOG_LEVEL=debug systemd-sysusers
Adding implicit group 'daemon' due to m line
Adding implicit group 'bin' due to m line
Creating group sys with gid 3.
Creating group mem with gid 8.
Creating group ftp with gid 11.
Creating group mail with gid 12.
Creating group log with gid 19.
Creating group smmsp with gid 25.
Creating group proc with gid 26.
Creating group games with gid 50.
Creating group lock with gid 54.
Creating group network with gid 90.
Creating group floppy with gid 94.
Creating group scanner with gid 96.
Creating group power with gid 98.
Creating group adm with gid 999.
Creating group wheel with gid 998.
Creating group kmem with gid 997.
Creating group tty with gid 5.
Creating group utmp with gid 996.
Creating group audio with gid 995.
Creating group optical with gid 994.
Creating group uucp with gid 993.
Creating group disk with gid 992.
Creating group input with gid 991.
Creating group kvm with gid 990.
Creating group lp with gid 989.
Creating group render with gid 988.
Creating group storage with gid 987.
Creating group video with gid 986.
Creating group users with gid 985.
Creating group systemd-journal with gid 984.
Creating group rfkill with gid 983.
Creating group daemon with gid 982.
Creating group bin with gid 981.
Creating group bin with gid 1.
Creating user bin (n/a) with uid 1 and gid 1.
Creating group daemon with gid 2.
Creating user daemon (n/a) with uid 2 and gid 2.
Creating group mail with gid 980.
Suggested user ID 8 for mail already used.
Creating user mail (n/a) with uid 980 and gid 980.
Creating group ftp with gid 14.
Creating user ftp (n/a) with uid 14 and gid 14.
Creating group http with gid 33.
Creating user http (n/a) with uid 33 and gid 33.
Group root already exists.
User root already exists.
Creating group nobody with gid 65534.
Creating user nobody (Nobody) with uid 65534 and gid 65534.
Creating group dbus with gid 81.
Creating user dbus (System Message Bus) with uid 81 and gid 81.
Creating group systemd-journal-remote with gid 979.
Creating user systemd-journal-remote (systemd Journal Remote) with uid 979 and gid 979.
Creating group systemd-network with gid 978.
Creating user systemd-network (systemd Network Management) with uid 978 and gid 978.
Creating group systemd-resolve with gid 977.
Creating user systemd-resolve (systemd Resolver) with uid 977 and gid 977.
Creating group systemd-coredump with gid 976.
Creating user systemd-coredump (systemd Core Dumper) with uid 976 and gid 976.
Creating group uuidd with gid 68.
Creating user uuidd (n/a) with uid 68 and gid 68.

Offline

#7 2018-03-01 00:32:49

digor
Member
Registered: 2018-02-28
Posts: 7

Re: Duplicate entries in /etc/group

Furthermore,

grep bin /usr/lib/sysusers.d/*.conf
/usr/lib/sysusers.d/arch.conf:u bin 1 - -
/usr/lib/sysusers.d/arch.conf:m bin daemon
/usr/lib/sysusers.d/arch.conf:m bin sys
/usr/lib/sysusers.d/arch.conf:m daemon bin

bin has GID 1 in /usr/lib/sysusers.d/arch.conf, but 981 and 975 actually in /etc/group (and according to output of systemd-sysusers above)

# grep bin: /etc/group
bin:x:981:daemon
bin:x:975:daemon

But GID 1 remained in /etc/passwd

# grep bin: /etc/passwd
bin:x:1:1::/:/sbin/nologin

Offline

#8 2018-03-01 00:38:58

loqs
Member
Registered: 2014-03-06
Posts: 6,386

Re: Duplicate entries in /etc/group

# default arch groups
# groups first, because we have user/group id mismatch on ftp and mail
g sys 3 - -
g mem 8 - -
g ftp 11 - -
g mail 12 - -
g log 19 - -
g smmsp 25 - -
g proc 26 - -
g games 50 - -
g lock 54 - -
g network 90 - -
g floppy 94 - -
g scanner 96 - -
g power 98 - -

# default arch users
u bin 1 - -
u daemon 2 - -
u mail 8:12 - /var/spool/mail
u ftp 14:11 - /srv/ftp
u http 33 - /srv/http

# default membership
#m bin daemon
#m bin sys
#m daemon adm
#m daemon bin

Does not address the additional group membership without creating duplicate entries but this seems to fix/work around the issue for ftp, mail, bin
Edit:
https://github.com/systemd/systemd/issues/8315

Last edited by loqs (2018-03-01 02:33:41)

Offline

#9 2018-03-01 20:18:55

vario
Member
Registered: 2017-12-24
Posts: 4

Re: Duplicate entries in /etc/group

I have this issue, and also when I installed boinc-nox package I get a duplicate boinc group with gids 981 & 982

Mar 01 20:14:44 zenith systemd-sysusers[353]: Creating user boinc (BOINC Daemon) with uid 981 and gid 981.
Mar 01 20:14:44 zenith systemd-sysusers[353]: Creating group boinc with gid 981.
Mar 01 20:14:44 zenith systemd-sysusers[353]: Creating group boinc with gid 982.

Is there any likely problems arising from this behaviour?

Offline

#10 2018-03-01 20:32:05

loqs
Member
Registered: 2014-03-06
Posts: 6,386

Re: Duplicate entries in /etc/group

As long as the group boinc is always resolved to the same gid I would not expect an issue under the assumption that as boinc is using a dynamically assigned gid it does not ship any files owned by the boic group.
It is not good practise to have multiple entries for the same uid/gid to avoid confusion and the issue has a pull request upstream that will prevent systemd-sysusers from creating duplicate group entries.
When the issue has already occurred user intervention will be required to remove the duplicate groups and check mail is mail:x:8:12:mail:/var/spool/mail:/bin/false not mail:x:12:12:mail:/var/spool/mail:/bin/false
edit:
grammar missing a
edit2:

u boinc - "BOINC Daemon" /var/lib/boinc
g boinc -

Having the g boinc is superfluous as the u line will create a group with matching name and id and triggers the bug in systemd-sysusers.

Last edited by loqs (2018-03-01 21:18:16)

Offline

#11 2018-03-04 06:41:48

vario
Member
Registered: 2017-12-24
Posts: 4

Re: Duplicate entries in /etc/group

OK thanks I'll have to look into how to delete unwanted groups - I tried directly editing the group file but not sure its worked correctly as I now get

Mar 04 00:00:05 zenith systemd[1]: shadow.service: Failed with result 'exit-code'.
Mar 04 00:00:05 zenith systemd[1]: shadow.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 04 00:00:05 zenith sh[7132]: grpck: no changes
Mar 04 00:00:05 zenith sh[7132]: delete line 'boinc:!!::'? No
Mar 04 00:00:05 zenith sh[7132]: duplicate shadow group entry
Mar 04 00:00:05 zenith sh[7132]: delete line 'boinc:!!::'? No
Mar 04 00:00:05 zenith sh[7132]: duplicate shadow group entry
Mar 04 00:00:05 zenith sh[7132]: delete line 'boinc:x:981:'? No
Mar 04 00:00:05 zenith sh[7132]: duplicate group entry
Mar 04 00:00:05 zenith sh[7132]: delete line 'boinc:x:982:'? No
Mar 04 00:00:05 zenith sh[7132]: duplicate group entry
Mar 04 00:00:05 zenith systemd[1]: Started Rotate log files.
Mar 04 00:00:05 zenith sh[7132]: pwck: no changes
Mar 04 00:00:04 zenith sh[7132]: user 'ftp': no group 14
Mar 04 00:00:04 zenith sh[7132]: user 'mail': no group 980

By the way my "mail" user was for some reason uid 980 / gid 980... as I don't make use of mail or ftp I hope there will be no consequences anyway!

Edit: did some usermod stuff to change uid and gid of mail and ftp users so fingers crossed all OK now.

Last edited by vario (2018-03-04 09:03:26)

Offline

#12 2018-03-08 06:35:52

kyak
Member
Registered: 2012-01-20
Posts: 17

Re: Duplicate entries in /etc/group

It looks like a bug in systemd, which was fixed recently: https://github.com/systemd/systemd/issues/8315

Do I understand correctly that we just have to wait for this bugfix to land in newer systemd release, and duplicate groups will be gone automatically?
Or do we still need to remove duplicates from /etc/group manually?

Last edited by kyak (2018-03-08 06:36:17)

Offline

#13 2018-03-08 09:46:52

loqs
Member
Registered: 2014-03-06
Posts: 6,386

Re: Duplicate entries in /etc/group

https://bbs.archlinux.org/viewtopic.php … 9#p1771289

loqs wrote:

When the issue has already occurred user intervention will be required to remove the duplicate groups and check mail is mail:x:8:12:mail:/var/spool/mail:/bin/false not mail:x:12:12:mail:/var/spool/mail:/bin/false

Offline

#14 2018-04-21 17:02:52

jeverett
Member
Registered: 2018-04-21
Posts: 1

Re: Duplicate entries in /etc/group

If it helps anybody else, here are the commands I used to delete the duplicate groups and reset the groups for the accounts that were affected.

I used another Arch system to verify the right gids (and in the case of the 'mail' user, the uid) to use; the bug report for this issue on github (referenced above: https://github.com/systemd/systemd/issues/8315) also helped. Definitely, if this is wrong, please let me know!

(For some reason, even though users 'daemon' and 'bin' had duplicate groups, their entries in the passwd file still used the old group ids, so I didn't have to reset their groups with the usermod commands.  Thanks to vario for pointing me in the right direction.)

$ sudo usermod --gid 11 ftp
$ sudo usermod --uid 8 --gid 12 mail
$ sudo usermod --gid 120 gdm
$ sudo /usr/bin/grpck
duplicate group entry
delete line 'ftp:x:11:'? n
duplicate group entry
delete line 'mail:x:12:'? n
duplicate group entry
delete line 'daemon:x:982:bin'? y
duplicate group entry
delete line 'bin:x:981:daemon'? y
duplicate group entry
delete line 'mail:x:980:'? y
duplicate group entry
delete line 'ftp:x:14:'? y
duplicate group entry
delete line 'gdm:x:120:'? n
duplicate group entry
delete line 'gdm:x:975:'? y
duplicate shadow group entry
delete line 'ftp:!!::'? y
duplicate shadow group entry
delete line 'mail:!!::'? y
duplicate shadow group entry
delete line 'daemon:!!::bin'? y
duplicate shadow group entry
delete line 'bin:!!::daemon'? y
duplicate shadow group entry
delete line 'gdm:!!::'? y
grpck: the files have been updated

Offline

Board footer

Powered by FluxBB