Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 23 Apr 2003 21:08:29 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        gjohnson@srrc.ars.usda.gov
Cc:        freebsd-current@FreeBSD.org
Subject:   Re: groups wrong on NIS clients
Message-ID:  <20030424020829.GA73546@madman.celabo.org>
In-Reply-To: <20030423221915.GA17543@node1.cluster.srrc.usda.gov>
References:  <20030423210539.GA1348@node1.cluster.srrc.usda.gov> <20030423215038.GB22152@madman.celabo.org> <20030423220754.GA16387@node1.cluster.srrc.usda.gov> <20030423221120.GA22798@madman.celabo.org> <20030423221915.GA17543@node1.cluster.srrc.usda.gov>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 23, 2003 at 05:19:15PM -0500, Glenn Johnson wrote:
> > How are you logging in?
> 
> I was using ssh.  After reading your message, I went down the hall and
> logged in via the console.  The groups are set correctly when logging in
> via the console.

> > Whatever login process you are using is responsible for setting your
> > group list correctly.  It has not done so.
> 
> As a note, the groups were set correctly via ssh before I updated to the
> latest sources today.  My previous -current was from April 15, 2003.

Do you have UsePrivilegeSeperation turned on?  (Not that this should
make a difference ... `works here'.)  Do you have anything different
from the default configuration?

The only thing I can think of that might give you different results
when logging in via the console versus via sshd is if the latter
cannot contact the NIS server for some reason.  Do you see (e.g. with
tcpdump) any NIS queries when you attempt to login via ssh?

If you want to dig deeper, you should arrange for sshd to spit out the
group list.  Something like the following.

*** session.c	26 Feb 2003 15:59:04 -0000	1.6
--- session.c	24 Apr 2003 02:07:34 -0000
***************
*** 1267,1272 ****
--- 1267,1283 ----
  # ifdef __bsdi__
  		setpgid(0, 0);
  # endif
+ 		{
+ 		struct group *gr;
+ 		int groups[NGROUPS], ngroups, i;
+ 		ngroups = NGROUPS;
+ 		getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
+ 		for (i = 0; i < ngroups; i++) {
+ 			gr = getgrgid(groups[i]);
+ 			debug("XXX group[%d]=%d,%s", i, groups[i],
+ 			    gr == NULL ?  "<not found>" : gr->gr_name);
+ 		}
+ 		}
  		if (setusercontext(lc, pw, pw->pw_uid,
  		    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
  			perror("unable to set user context");


Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030424020829.GA73546>