2

On several of our CentOS 5 systems, the /etc/group file was munged by an automated script.

As a result, there are some files on the system which have an undefined GID-- the GID is not defined in /etc/group. For example, the following file is owned by GID 103, when it should be owned by the group 'mysql'.

# ls -ld /var/lib/mysql/mysql/user.frm 
-rw-rw---- 1 mysql 103 10330 Apr  1 02:47 /var/lib/mysql/mysql/user.frm

Is there a way for me to find ALL files on this system which are owned by undefined groups?

I know I can do something like this to find all files owned by GID 103:

find / -gid 103

However, I want to find ALL files which are owned by an undefined group.

Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184

3 Answers3

5

Doesn't your version of find have the -nogroup option?

Here is a perl one-liner:

perl -MFile::Find -e 'find({ wanted => sub { getgrgid((stat(_))[5]) or \
  print ((stat(_))[5], " $File::Find::name\n") }, follow => 1 }, "/")'
Mark Wagner
  • 17,764
  • 2
  • 30
  • 47
  • 2
    Despite the other accepted answer, this one really is the -right- one. Using the `-nogroup` flag with find will return all files with which the GID doesn't map to an actual group. Exactly what the poster was looking for. – Christopher Karel Aug 04 '10 at 19:52
  • 1
    Wow, I wonder why I have never noticed this option before. – Zoredache Aug 04 '10 at 19:58
  • You win! I had no idea that option existed. I even scanned the manpage and missed this option. – Stefan Lasiewski Aug 04 '10 at 22:55
4

you may try a quick and dirty solution like:

find .  -ls | gawk '$6 ~ /^[0-9]+$/ {print}'

it's definitely not a beauty, but should work.

Daniel
  • 1,703
  • 1
  • 12
  • 16
1

If you have -gid but not -nogroup you may be able to use this or something like it:

gids=($(cut -d: -f3 /etc/group | sed 's/.*/! -gid & /'))
find /dir/to/start ${gids[@]} -ls
Dennis Williamson
  • 60,515
  • 14
  • 113
  • 148