From owner-freebsd-hackers Mon Jan 19 14:54:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA00172 for hackers-outgoing; Mon, 19 Jan 1998 14:54:04 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from labrador.cslab.vt.edu (labrador.cslab.vt.edu [198.82.184.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA29992 for ; Mon, 19 Jan 1998 14:53:01 -0800 (PST) (envelope-from kmitch@labrador.cslab.vt.edu) Received: (from kmitch@localhost) by labrador.cslab.vt.edu (8.8.8/8.8.7) id RAA29621 for hackers@freebsd.org; Mon, 19 Jan 1998 17:32:06 -0500 (EST) (envelope-from kmitch) From: Keith Mitchell Message-Id: <199801192232.RAA29621@labrador.cslab.vt.edu> Subject: Netgroup Problem To: hackers@FreeBSD.ORG Date: Mon, 19 Jan 1998 17:32:06 -0500 (EST) Reply-To: kmitch@cslab.vt.edu X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk I am trying to restrict access to a machine that is running NIS. I need the accounts there (to receive mail) but I don't want these people logging in. To achieve this, I created a netgroup with the people that I want to be able to login (consult) and added the following to my password file: +@consult::::::::: +:::::::::/usr/bin/false The problem is, that the people in the consult group can't actually log in. The problem appears to be that programs that use getpwnam don't work while those that use getpwent work fine. (i.e. finger will show the correct info but sudo, login, su, etc. don't). I was looking at the source and it doesn't look like getpwnam looks through the netgroups at all. (I didn't look that carefully so I could be mistaken). Has anyone gotten something like this to work?? Thanks.