Google Compute Engine DEBIAN : /etc/group setting lost after Reboot

4
votes

I am using Debian GNU/Linux 8 (jessie) on Google Compute Engine. My instance is newly created. I had tried to add user to group by using this command

sudo adduser <username> <groupname>

or even

sudo usermod -a -G <groupname> <username>

and it worked perfectly before i reboot my systems. After rebooting, i ran vim /etc/group but every users i assigned to that group disappear.

I also checked modified date of /etc/group. It seem that it had been modify after system reboot.

2
linuxdebiangoogle-compute-engine
I'm experiencing the same issue (albeit i'm using usermod -a -G group user), on CentOS 7 on GCE. I've got a ticket logged, so I'll update this if I get a fix/further information.willemmerson
@willemmerson Any update on this? I'm also experiencing this on CentOS7, and it's really annoying.Roberto
Do you have any progress on this? We have the same issue and even though we could hack a workaround, it would be good to have an official fix.Zsolt János

2 Answers

1
votes

I too had this issue today on a CentOS 7 server. I couldn't understand why my usermod commands seemed to be successful, but not persistent after rebooting the instance on GCE.

I got this fix from Google, not sure why it's not documented better:

The user and groups are partially managed by "google-accounts-daemon.service", which is part the guest images packages for linux. To make an user from the project have a persistent group, you have to follow these steps.

In the following example the group 'club' is going to be amended to this file.

1- Add the users the to /etc/default/instance_configs.cfg on each instance, there is an option "group". For instance: 

“groups = adm,dip,lxd,plugdev,video,club”

2- Restart the daemon after changing this file: 

“sudo systemctl restart google-accounts-daemon.service”

3- Check the status of the daemon and it should show some output for the new group assigned to all users:

“sudo systemctl status google-accounts-daemon.service”
“Jul 18 07:03:37 instance-2 usermod[1523]: add 'jaw' to group 'club' 
Jul 18 07:03:37 instance-2 usermod[1523]: add 'jaw' to shadow group 'club' 
Jul 18 07:03:37 instance-2 usermod[1528]: add 'root' to group 'club' 
Jul 18 07:03:37 instance-2 usermod[1528]: add 'root' to shadow group 'club' 
Jul 18 07:03:37 instance-2 usermod[1533]: add 'lucmult' to group 'club' 
Jul 18 07:03:37 instance-2 usermod[1533]: add 'lucmult' to shadow group 'club' “
0
votes

The GCE docs say that the cloud console can be used to manage (Linux OS) user accounts, including (Linux OS) group membership: https://cloud.google.com/compute/docs/access/user-accounts/#create_a_new_user_account

However, the instructions start with: 1. Go to the User Accounts page.

That link to the User Accounts page will require you to select a project. Once selected, the resulting page is not the User Accounts page - it's the project's overall Dashboard page. If you enter into the search bar at the top of the Dashboard page [user accounts] and click the item User accounts (subtitled IAM & Admin), the resulting page just says "(!) Failed to load".

FWIW I'm using a RHEL7 image. This basic feature of administering a Linux host, persistent group membership, seems very badly broken and even more badly documented in GCE.