Date: Tue, 21 Aug 2007 21:50:43 +0200
From: Ulrich Spoerlein <uspoerlein@gmail.com>
To: stable@freebsd.org
Subject: pam_group vs. multiple group lines
Message-ID: <20070821195043.GA1464@roadrunner.spoerlein.net>

Hi,

I think I found a deficiency wrt. pam_group (which also hits sudo(8) so
this might be libc related instead). I found this while trying to
migrate groups into LDAP, but you don't need LDAP to reproduce this,
simply place the following in /etc/group

wheel:*:0:root
wheel:*:0:us

% getent group|grep wheel;id
wheel:*:0:root
wheel:*:0:us
uid=1001(us) gid=1000(us) groups=1000(us),0(wheel),80(www)

As you can see, getent(1) and id(1) work fine. File access also works
like expected, except for su(8) (because of pam_group group=wheel in
pam.d/su)

% su -
su: Sorry

Combine the wheel entries back into one line and su(8) suddenly starts
working again. Same problem hits sudo(8) if you are using a %wheel line.
Since there is no pam.d/sudo on my system I think the bug probably lies
in libc itself.

Is this expected behaviour? I'd classify it as a bug ...

Cheers,
Ulrich Spoerlein
--
It is better to remain silent and be thought a fool, than to speak,
and remove all doubt.
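
An added example, not part of the original message: an audit of a group(5)-format file for the situation described above, where one group name is defined on more than one line. It assumes (the message does not confirm this) that an affected lookup sees only the members on the first matching line; the sample data and function names are constructed for illustration.

```python
from collections import OrderedDict

# Constructed sample in group(5) format: the split wheel entry from the
# message above plus one unaffected group. Not taken from a real system.
SAMPLE_GROUP_FILE = """\
# constructed sample
wheel:*:0:root
wheel:*:0:us
www:*:80:us
"""


def parse_group_lines(text):
    """Return (lineno, name, gid, members) for every well-formed line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) != 4:
            continue  # blank, comment or malformed line
        name, _passwd, gid, members = fields
        entries.append((lineno, name, gid, [m for m in members.split(",") if m]))
    return entries


def find_split_groups(text):
    """Report groups whose name occurs on more than one line."""
    by_name = OrderedDict()
    for entry in parse_group_lines(text):
        by_name.setdefault(entry[1], []).append(entry)
    report = {}
    for name, entries in by_name.items():
        if len(entries) < 2:
            continue
        first = entries[0][3]
        # Assumption: a first-match lookup sees only `first`; members listed
        # solely on later lines are the ones a membership check would miss.
        missed = []
        for _, _, _, members in entries[1:]:
            missed += [m for m in members if m not in first and m not in missed]
        report[name] = {"lines": [e[0] for e in entries],
                        "gids": sorted({e[2] for e in entries}),
                        "first_line_members": first,
                        "missed_by_first_match": missed}
    return report


if __name__ == "__main__":
    for name, info in find_split_groups(SAMPLE_GROUP_FILE).items():
        print(name, info)
```

Run against the real group file by passing its contents to find_split_groups(); an empty result means every group name is defined on a single line.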