From: "Scott, Brian"
To: "Ulrich Spoerlein"
Date: Wed, 22 Aug 2007 09:44:14 +1000
Subject: RE: pam_group vs. multiple group lines
X-BeenThere: freebsd-stable@freebsd.org
List-Id: Production branch of FreeBSD source code

Try:

    wheel:*:0:root,us

It looks like pam was stopping at the first matching line as you would expect from the man page for the group file. If there is a bug it is in the more liberal interpretation by other software.

-----Original Message-----
From: owner-freebsd-stable@freebsd.org [mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Ulrich Spoerlein
Sent: Wednesday, 22 August 2007 5:51 AM
To: stable@freebsd.org
Subject: pam_group vs. multiple group lines

Hi,

I think I found a deficiency wrt. to pam_group (which also hits sudo(8) so this might be libc related instead). I found this while trying to migrate groups into LDAP, but you don't need LDAP to reproduce this, simply place the following in /etc/group

    wheel:*:0:root
    wheel:*:0:us

    % getent group|grep wheel;id
    wheel:*:0:root
    wheel:*:0:us
    uid=1001(us) gid=1000(us) groups=1000(us),0(wheel),80(www)

As you can see, getent(1) and id(1) work fine. File access also works like expected, except for su(8) (because of pam_group group=wheel in pam.d/su)

    % su -
    su: Sorry

Combine the wheel entries back into one line and su(8) suddenly starts working again. Same problem hits sudo(8) if you are using a %wheel line. Since there is no pam.d/sudo on my system I think the bug probably lies in libc itself.

Is this expected behaviour? I'd classify it as bug ...

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool, than to speak, and remove all doubt.
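The mismatch discussed in this thread, as an added example that is not part of either message and is not libc or PAM source: it models a by-name lookup that stops at the first matching line next to a scan of every entry, and reports the users a split group would hide from the first kind of lookup. The function names and the www line are assumptions made for the example; the wheel lines are the ones quoted above.

```python
# Added example: a model of the two lookup behaviours, not libc or PAM source.
# SPLIT_GROUP / MERGED_GROUP are constructed from the lines quoted in the thread.
SPLIT_GROUP = "wheel:*:0:root\nwheel:*:0:us\nwww:*:80:us\n"
MERGED_GROUP = "wheel:*:0:root,us\nwww:*:80:us\n"


def parse_group(text):
    """Yield (name, gid, members) for each well-formed group(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed lines instead of guessing
        name, _passwd, gid, members = fields
        yield name, int(gid), [m for m in members.split(",") if m]


def first_match_members(text, group):
    """By-name lookup that returns the first matching line only."""
    for name, _gid, members in parse_group(text):
        if name == group:
            return members
    return None


def all_entries_members(text, group):
    """Scan every entry and merge the member lists of all matching lines."""
    merged = []
    for name, _gid, members in parse_group(text):
        if name == group:
            merged.extend(m for m in members if m not in merged)
    return merged


def split_group_report(text):
    """Map each group name to the users a first-match lookup would miss."""
    report = {}
    for name in dict.fromkeys(n for n, _g, _m in parse_group(text)):
        first = first_match_members(text, name)
        missed = [u for u in all_entries_members(text, name) if u not in first]
        if missed:
            report[name] = missed
    return report


if __name__ == "__main__":
    print("split file :", split_group_report(SPLIT_GROUP))
    print("merged file:", split_group_report(MERGED_GROUP))
```

Run against a copy of /etc/group (or an export of the LDAP groups in the same format), a non-empty report lists the memberships that a first-match consumer will not see.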