Date:      Mon, 23 Nov 2015 15:42:47 +0100
From:      "Patrick M. Hausen" <hausen@punkt.de>
To:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   NSS changes in releng/10.2?
Message-ID:  <07B8E386-4692-4BE0-9516-E1CA67B2934D@punkt.de>

Hi, all,

I just upgraded an older system from 8.4 to 10.2 in a single go.
No unexpected problems, until I tried to use "su":

	$ su -
	su: Sorry

Well, I *am* a member of the wheel group:

	$ id
	uid=10093(ry93) gid=10001(intern) groups=10001(intern),0(wheel),10002(entwickler)

Hmmm ... we pull all this information from LDAP. My nsswitch.conf has
always been:

	group: files cache ldap
	passwd: files cache ldap

Without the "compat" entries.

Let's check the groups:

	$ pw group show -a
	wheel:*:0:
	wheel:*:0:ry22,ry96,ry90,ry93

Before the update the members were merged. The first line is coming from
/etc/group, the second from LDAP. I do have to remove the "root" member in
/etc/group from wheel on all systems for LDAP information to be merged in,
even on the older systems. But for some reason that seems not to be
sufficient, anymore.

If I put myself (ry93) in the file, everything works as expected.


Another way I tried was this for nsswitch.conf:

	group: compat
	group_compat: cache ldap

and then the traditional "+:*:0:" entry in /etc/group. The outcome of
"id" and "su -" is precisely the same as above. I am shown to be a member
of group wheel, yet su won't let me.

Any ideas?

Thanks,
Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285
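
An added diagnostic, not part of the original message: it parses group(5)-format lines such as the `pw group show -a` output quoted above and reports groups that appear more than once where the first entry lacks members listed in later entries. Whether a given program sees only the first entry or the merged list is an assumption to verify on the affected system; the function names and the embedded sample are constructed for illustration.

```python
# Constructed sample: the two "wheel" lines quoted in the message
# (first from /etc/group, second from LDAP, per the author).
SAMPLE = """\
wheel:*:0:
wheel:*:0:ry22,ry96,ry90,ry93
"""

def parse_group_lines(text):
    """Yield (name, gid, members) for each group(5)-format line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"malformed group line: {line!r}")
        name, _passwd, gid, member_field = fields
        # An empty member field means "no members", not one empty name.
        members = [m for m in member_field.split(",") if m]
        yield name, gid, members

def membership_views(text):
    """Per group name: members of the first entry vs. the union of all entries."""
    views = {}
    for name, gid, members in parse_group_lines(text):
        view = views.setdefault(
            name, {"gid": gid, "entries": 0, "first": set(members), "merged": set()}
        )
        view["entries"] += 1
        view["merged"].update(members)
    return views

def split_groups(text):
    """Return {group: members missing from its first entry} for duplicated groups."""
    result = {}
    for name, view in membership_views(text).items():
        hidden = view["merged"] - view["first"]
        if view["entries"] > 1 and hidden:
            result[name] = sorted(hidden)
    return result

if __name__ == "__main__":
    for name, hidden in split_groups(SAMPLE).items():
        print(f"{name}: present only in later entries: {', '.join(hidden)}")
```

Feeding it the full `pw group show -a` output of a host gives a quick audit of every group whose membership depends on entries being merged across sources.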
