Illegal Group Name error when using Chown

NiclausDutter
New Contributor III

Hello All,

I was pitted with the task to migrate everyone off of Centrify and onto the Native Active Directory tool. I am at the point where I need to grant the user permissions to their own home folder but when using the following command, I am receiving the dreaded: illegal group name

Example:
Username = TestUser123
Domain = CONTSO

sudo Chown -R TestUser123:"CONTOSODomain Users" /Users/TestUser123

I am wondering if the issue has something to do with our multi-domain environment.

6 REPLIES 6

joshuasee
Contributor III

I usually single quote users or groups when adding the domain in a script, though I don't think that is the issue here.

What happens when you use a numeric group ID instead? (Unfortunately, I honestly don't know what happens when you do that in a multi-domain environment)

NiclausDutter
New Contributor III

joshuasee,

I tried your suggestion, and still get the illegal group error.

Do you know how I would get the numeric group ID?

Hugonaut
Valued Contributor II

@NiclausDutter in terminal, you can type "id" literally just "id" & it will present you with the information you are seeking. May be another way but off the cuff that's my go to without researching.

here is the man page.

ID(1)                     BSD General Commands Manual                    ID(1)

NAME
     id -- return user identity

SYNOPSIS
     id [user]
     id -A
     id -F [user]
     id -G [-n] [user]
     id -M
     id -P [user]
     id -g [-nr] [user]
     id -p [user]
     id -u [-nr] [user]

DESCRIPTION
     The id utility displays the user and group names and numeric IDs, of the
     calling process, to the standard output.  If the real and effective IDs
     are different, both are displayed, otherwise only the real ID is dis-
     played.

If a user (login name or user ID) is specified, the user and group IDs of
     that user are displayed.  In this case, the real and effective IDs are
     assumed to be the same.

     The options are as follows:

     -A      Display the process audit user ID and other process audit proper-
             ties, which requires privilege.

     -F      Display the full name of the user.

     -G      Display the different group IDs (effective, real and supplemen-
             tary) as white-space separated numbers, in no particular order.

     -M      Display the MAC label of the current process.

     -P      Display the id as a password file entry.

     -a      Ignored for compatibility with other id implementations.

     -g      Display the effective group ID as a number.

     -n      Display the name of the user or group ID for the -G, -g and -u
             options instead of the number.  If any of the ID numbers cannot
             be mapped into names, the number will be displayed as usual.

     -p      Make the output human-readable.  If the user name returned by
             getlogin(2) is different from the login name referenced by the
             user ID, the name returned by getlogin(2) is displayed, preceded
             by the keyword ``login''.  The user ID as a name is displayed,
             preceded by the keyword ``uid''.  If the effective user ID is
             different from the real user ID, the real user ID is displayed as
             a name, preceded by the keyword ``euid''.  If the effective group
             ID is different from the real group ID, the real group ID is dis-
             played as a name, preceded by the keyword ``rgid''.  The list of
             groups to which the user belongs is then displayed as names, pre-
             ceded by the keyword ``groups''.  Each display is on a separate
             line.

     -r      Display the real ID for the -g and -u options instead of the
             effective ID.

     -u      Display the effective user ID as a number.

EXIT STATUS
     The id utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
     who(1)

STANDARDS
     The id function is expected to conform to IEEE Std 1003.2 (``POSIX.2'').

HISTORY
     The historic groups(1) command is equivalent to ``id -Gn [user]''.

     The historic whoami(1) command is equivalent to ``id -un''.

     The id command appeared in 4.4BSD.

BSD                           September 26, 2006                           BSD
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

NiclausDutter
New Contributor III

@Hugonaut I was able to get the group id and tried the command again, like so:

sudo Chown -R  TestUser123:124356870 /Users/TestUser123

Still getting illegal group name.

Hugonaut
Valued Contributor II

@NiclausDutter have you tried using the AD users ID instead of the name?

sudo Chown -R  987654321:124356870 /Users/TestUser123
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

justin_smith
New Contributor III

@NiclausDutter I would double check the AD binding. The machine may also simply require a reboot after being bound to AD.