Date: Wed, 23 Apr 2003 21:08:29 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: gjohnson@srrc.ars.usda.gov Cc: freebsd-current@FreeBSD.org Subject: Re: groups wrong on NIS clients Message-ID: <20030424020829.GA73546@madman.celabo.org> In-Reply-To: <20030423221915.GA17543@node1.cluster.srrc.usda.gov> References: <20030423210539.GA1348@node1.cluster.srrc.usda.gov> <20030423215038.GB22152@madman.celabo.org> <20030423220754.GA16387@node1.cluster.srrc.usda.gov> <20030423221120.GA22798@madman.celabo.org> <20030423221915.GA17543@node1.cluster.srrc.usda.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 23, 2003 at 05:19:15PM -0500, Glenn Johnson wrote: > > How are you logging in? > > I was using ssh. After reading your message, I went down the hall and > logged in via the console. The groups are set correctly when logging in > via the console. > > Whatever login process you are using is responsible for setting your > > group list correctly. It has not done so. > > As a note, the groups were set correctly via ssh before I updated to the > latest sources today. My previous -current was from April 15, 2003. Do you have UsePrivilegeSeperation turned on? (Not that this should make a difference ... `works here'.) Do you have anything different from the default configuration? The only thing I can think of that might give you different results when logging in via the console versus via sshd is if the latter cannot contact the NIS server for some reason. Do you see (e.g. with tcpdump) any NIS queries when you attempt to login via ssh? If you want to dig deeper, you should arrange for sshd to spit out the group list. Something like the following. *** session.c 26 Feb 2003 15:59:04 -0000 1.6 --- session.c 24 Apr 2003 02:07:34 -0000 *************** *** 1267,1272 **** --- 1267,1283 ---- # ifdef __bsdi__ setpgid(0, 0); # endif + { + struct group *gr; + int groups[NGROUPS], ngroups, i; + ngroups = NGROUPS; + getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + for (i = 0; i < ngroups; i++) { + gr = getgrgid(groups[i]); + debug("XXX group[%d]=%d,%s", i, groups[i], + gr == NULL ? "<not found>" : gr->gr_name); + } + } if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { perror("unable to set user context"); Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030424020829.GA73546>