Hi team,
Bigfix client: 9.5.22
Case 1:
If file has been assigned to unknown group, would not return true or false
Q: (exists group name of file “/root/123.txt”)
E: No group found for 123.txt
T: 625
-rw-r–r-- 1 1001 1000 0 Jan 5 07:14 123.txt
Case 2:
If file has been assigned to known group, would return true or false
Q: (exists group name of file “/root/123.txt”)
A: True
T: 266
-rw-r–r-- 1 root root 0 Jan 5 07:14 123.txt
I’m not sure if your file exists or how group names behave in Linux (I’m not an expert), but the relevance below will do the job what you need-
if windows of operating system then "N/A" else if not exists file "/root/123.txt" then "file not exists" else if not exists group name of file "/root/123.txt" then "No Group Found" else if exists group name of file "/root/123.txt" then "True" else "False"
Hi @vk.khurava
my case definitely in Linux, and would like to find out files in linux associated with unmanaged owner or group, unmanaged owner or group is mean the invalid user or group, I had experience no issue if I using inspector (exists user name of of file “/root/123.txt”) even the have invalid user associated with the file.
Here is the result I tried your suggestion, but seems the inspector not able to return true or false, seems inspector logic not allow this even the relevance has if or exists logic.
Result:
Q: if windows of operating system then “N/A” else if not exists file “/root/123.txt” then “file not exists” else if not exists group name of file “/root/123.txt” then “No Group Found” else if exists group name of file “/root/123.txt” then “True” else "False"
E: No group found for 123.txt
File ownership: (1002 is invalid group)
-rw-r----- 1 andy 1002 0 Jan 5 07:11 123.txt
It appears that BESClient is unable to handle the invalid group in some way, which prevents it from denying it as a group and from displaying the group name. I re-created the same behavior on a RHEL 8 box using BESClient v11.0, and I received the same error message.
[root@VKRHEL8 ~]# sudo chgrp 1001 /home/ABC/Desktop/test.txt
[root@VKRHEL8 ~]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: group name of file "/home/ABC/Desktop/test.txt"
E: No group found for test.txt
T: 3904
For additional troubleshooting, I advise opening an open case with HCL.
Since the result is an Error, we could also use the pipe operator | to handle the error and return a False in cases where the error is triggered. This could be a useful workaround for now…
Q: group name of file "/tmp/testgroup.txt"
E: No group found for testgroup.txt
T: 10524
Q: exists group name of file "/tmp/testgroup.txt"
E: No group found for testgroup.txt
Q: exists group name of file "/tmp/testgroup.txt" | False
A: False
T: 348
That said, if you plan is to recurse every subdirectory looking for files without owners, doing this natively in Relevance is probably not a good approach. That will leave the BESClient active for a long period evaluating the relevance, during which it will not post reports or respond to actions; eventually the relevance will likely be aborted for running too long, it might not complete.
In our Compliance content, to identify files without resolvable owner/group, we use an Action to generate & run a shell script to identify those files and save a results file; this allows the BESClient itself to move on to other tasks, the shell script does not timeout if it takes too long, the shellscript can avoid traversing network mounts, and the script runs without the CPU throttling of the BESClient so it can complete faster.
Hi @JasonWalker
Thanks, your guessing is correct, I may use (descendants and descendant folders whose (the group name inspector and user name inspector), but my case is only focus on recurse every subdirectory in few small sizing file systems to looking for files without owners or groups, hope it won’t have performance issue, if have performance issue then I will consider the way of using action script.
Hi @vk.khurava
Thanks for your reply, I may not open case to HCL, just use the pipe operator to handle this case, it’s enough for me…