pam_group vs. multiple group lines
- From: Ulrich Spoerlein <uspoerlein@xxxxxxxxx>
- Date: Tue, 21 Aug 2007 21:50:43 +0200
Hi,
I think I found a deficiency wrt. to pam_group (which also hits sudo(8)
so this might be libc related instead).
I found this while trying to migrate groups into LDAP, but you don't
need LDAP to reproduce this, simply place the following in /etc/group
wheel:*:0:root
wheel:*:0:us
% getent group|grep wheel;id
wheel:*:0:root
wheel:*:0:us
uid=1001(us) gid=1000(us) groups=1000(us),0(wheel),80(www)
As you can see, getent(1) and id(1) work fine. File access also works
like expected, except for su(8) (because of pam_group group=wheel in
pam.d/su)
% su -
su: Sorry
Combine the wheel entries back into one line and su(8) suddenly starts
working again. Same problem hits sudo(8) if your are using a %wheel
line. Since there is no pam.d/sudo on my system I think the bug probably
lies in libc itself.
Is this expected behaviour? I'd classify it as bug ...
Cheers,
Ulrich Spoerlein
--
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- RE: pam_group vs. multiple group lines
- From: Scott, Brian
- Re: pam_group vs. multiple group lines
- From: Chuck Swiger
- RE: pam_group vs. multiple group lines
- Prev by Date: Re: A little story of failed raid5 (3ware 8000 series)
- Next by Date: Re: pam_group vs. multiple group lines
- Previous by thread: Gathering entropy freeze on "point-to-point"
- Next by thread: Re: pam_group vs. multiple group lines
- Index(es):
Relevant Pages
|
|
