Date: Wed, 23 Apr 2003 21:08:29 -0500
From: "Jacques A. Vidrine"
To: gjohnson@srrc.ars.usda.gov
cc: freebsd-current@FreeBSD.org
Subject: Re: groups wrong on NIS clients
Message-ID: <20030424020829.GA73546@madman.celabo.org>
In-Reply-To: <20030423221915.GA17543@node1.cluster.srrc.usda.gov>
List-Id: Discussions about the use of FreeBSD-current

On Wed, Apr 23, 2003 at 05:19:15PM -0500, Glenn Johnson wrote:
> > How are you logging in?
>
> I was using ssh. After reading your message, I went down the hall and
> logged in via the console. The groups are set correctly when logging in
> via the console.
>
> > Whatever login process you are using is responsible for setting your
> > group list correctly. It has not done so.
>
> As a note, the groups were set correctly via ssh before I updated to the
> latest sources today. My previous -current was from April 15, 2003.

Do you have UsePrivilegeSeparation turned on? (Not that this should
make a difference ... `works here'.) Do you have anything different
from the default configuration?

The only thing I can think of that might give you different results
when logging in via the console versus via sshd is if the latter cannot
contact the NIS server for some reason. Do you see (e.g. with tcpdump)
any NIS queries when you attempt to log in via ssh?

If you want to dig deeper, you should arrange for sshd to spit out the
group list. Something like the following.

*** session.c 26 Feb 2003 15:59:04 -0000 1.6 --- session.c 24 Apr 2003 02:07:34 -0000 *************** *** 1267,1272 **** --- 1267,1283 ---- # ifdef __bsdi__ setpgid(0, 0); # endif + { + struct group *gr; + int groups[NGROUPS], ngroups, i; + ngroups = NGROUPS; + getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + for (i = 0; i < ngroups; i++) { + gr = getgrgid(groups[i]); + debug("XXX group[%d]=%d,%s", i, groups[i], + gr == NULL ? "" : gr->gr_name); + } + } if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { perror("unable to set user context"); Cheers, -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
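
Review bot: the return value of getgrouplist() is discarded in the added block ahead of setusercontext(), so if the user belongs to more groups than fit in groups[NGROUPS] the loop logs a truncated list as though it were complete. Capture the result and log it together with ngroups, so a short list caused by overflow can be told apart from one the lookup really returned. The block also reports only what the lookup yields inside sshd, not what the session ends up with; a second debug loop over getgroups() placed after setusercontext() would show whether the list that was actually set differs. A gid that getgrgid() cannot resolve prints as an empty name, which is easy to miss in the log; a visible marker such as "?" in place of "" would make a failed lookup stand out.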