Google Compute Engine DEBIAN : /etc/group setting lost after Reboot

4
votes

I am using Debian GNU/Linux 8 (jessie) on Google Compute Engine. My instance is newly created. I had tried to add user to group by using this command

sudo adduser <username> <groupname>

or even

sudo usermod -a -G <groupname> <username>

and it worked perfectly before i reboot my systems. After rebooting, i ran vim /etc/group but every users i assigned to that group disappear.

I also checked modified date of /etc/group. It seem that it had been modify after system reboot.

2
linuxdebiangoogle-compute-engine
I'm experiencing the same issue (albeit i'm using usermod -a -G group user), on CentOS 7 on GCE. I've got a ticket logged, so I'll update this if I get a fix/further information. - willemmerson
@willemmerson Any update on this? I'm also experiencing this on CentOS7, and it's really annoying. - Roberto
Do you have any progress on this? We have the same issue and even though we could hack a workaround, it would be good to have an official fix. - Zsolt János

2 Answers

1
votes

I too had this issue today on a CentOS 7 server. I couldn't understand why my usermod commands seemed to be successful, but not persistent after rebooting the instance on GCE.

I got this fix from Google, not sure why it's not documented better:

The user and groups are partially managed by "google-accounts-daemon.service", which is part the guest images packages for linux. To make an user from the project have a persistent group, you have to follow these steps.

In the following example the group 'club' is going to be amended to this file.

1- Add the users the to /etc/default/instance_configs.cfg on each instance, there is an option "group". For instance: 

“groups = adm,dip,lxd,plugdev,video,club”

2- Restart the daemon after changing this file: 

“sudo systemctl restart google-accounts-daemon.service”

3- Check the status of the daemon and it should show some output for the new group assigned to all users:

“sudo systemctl status google-accounts-daemon.service”
“Jul 18 07:03:37 instance-2 usermod[1523]: add 'jaw' to group 'club' 
Jul 18 07:03:37 instance-2 usermod[1523]: add 'jaw' to shadow group 'club' 
Jul 18 07:03:37 instance-2 usermod[1528]: add 'root' to group 'club' 
Jul 18 07:03:37 instance-2 usermod[1528]: add 'root' to shadow group 'club' 
Jul 18 07:03:37 instance-2 usermod[1533]: add 'lucmult' to group 'club' 
Jul 18 07:03:37 instance-2 usermod[1533]: add 'lucmult' to shadow group 'club' “
0
votes

The GCE docs say that the cloud console can be used to manage (Linux OS) user accounts, including (Linux OS) group membership: https://cloud.google.com/compute/docs/access/user-accounts/#create_a_new_user_account

However, the instructions start with: 1. Go to the User Accounts page.

That link to the User Accounts page will require you to select a project. Once selected, the resulting page is not the User Accounts page - it's the project's overall Dashboard page. If you enter into the search bar at the top of the Dashboard page [user accounts] and click the item User accounts (subtitled IAM & Admin), the resulting page just says "(!) Failed to load".

FWIW I'm using a RHEL7 image. This basic feature of administering a Linux host, persistent group membership, seems very badly broken and even more badly documented in GCE.