Date: Thu, 23 Apr 1998 17:30:39 -0600
From: Chris Faehl <cfaehl@cs.unm.edu>
To: freebsd-security@FreeBSD.ORG
Subject: Possible bug in NIS passwd handling?
Message-ID: <E0ySVS3-00055V-00@enterprise.cs.unm.edu>
We seem to have stumbled over what I'd call a bug in NIS passwd handling
(or documentation error). This is 2.2.6. (apologies if this should be
in -stable - I'm not tracking it).
According to passwd(5):

    Using groups instead of netgroups for NIS overrides

    FreeBSD offers the capability to do override matching based on user
    groups rather than netgroups. If, for example, an NIS entry is specified
    as:

        +@operator:::::::::

    the system will first try to match users against a netgroup called
    `operator.' If an `operator' netgroup doesn't exist, the system will try
    to match users against the normal `operator' group instead.

The implied behavior is that if (using the above example) a netgroup
'operator' DOES exist, and a user is not in that netgroup, permission
is denied. The behavior we're seeing seems to be that if a netgroup does
exist, and the user doesn't match that netgroup, the user
is compared against group membership.
In my thinking, the documented way is 'correct', the observed behavior
is 'incorrect'.
-------------------------------------------------------------------------------
Chris Faehl | Email: cfaehl@cs.unm.edu
The University of New Mexico | URL: http://www.cs.unm.edu/~cfaehl
Computer Science Dept., Rm. FEC 313 | Phone: 505/277-3016
Albuquerque, NM 87131 USA | FAX: 505/277-6927
-------------------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
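
The two behaviours contrasted in the message above, modelled as an added example (not part of the original e-mail and not FreeBSD's code). Netgroups are simplified to sets of user names, and all names and memberships are constructed sample data; `unexpected_matches` lists the users the observed behaviour would match but the documented reading would not.

```python
# Constructed sample data (hypothetical users and memberships).
NETGROUPS = {"operator": {"alice"}}                      # netgroup -> users
GROUPS = {"operator": {"alice", "bob"}, "staff": {"carol"}}  # group -> members


def override_name(entry):
    """Return the name from a '+@name:...' passwd override line, else None."""
    if not entry.startswith("+@"):
        return None
    return entry[2:].split(":", 1)[0] or None


def match_documented(user, name, netgroups, groups):
    """Reading of passwd(5) given in the message: the group is consulted
    only when no netgroup of that name exists."""
    if name in netgroups:
        return user in netgroups[name]
    return user in groups.get(name, set())


def match_observed(user, name, netgroups, groups):
    """Behaviour reported in the message: a user who misses the netgroup
    is still compared against group membership."""
    if user in netgroups.get(name, set()):
        return True
    return user in groups.get(name, set())


def unexpected_matches(entry, netgroups, groups):
    """Users matched under the observed behaviour but not the documented one."""
    name = override_name(entry)
    if name is None:
        return []
    candidates = netgroups.get(name, set()) | groups.get(name, set())
    return sorted(
        u for u in candidates
        if match_observed(u, name, netgroups, groups)
        and not match_documented(u, name, netgroups, groups)
    )


if __name__ == "__main__":
    for line in ("+@operator:::::::::", "+@staff:::::::::"):
        print(line, "->", unexpected_matches(line, NETGROUPS, GROUPS))
```

The two models only disagree when a netgroup and a group share a name, so an audit can be limited to those names.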
