[Bug 553142] Re: gdm does not obey NIS settings for user groups
Jan Groenewald
jan at aims.ac.za
Wed Aug 18 12:09:39 BST 2010
User liesl is in NIS group aimsadmrw, but she does not get permissions with normal
login. However after either ssh localhost or su - liesl she does have the necessary group
permissions.
On lucid 64bit, LDAP client for passwords, NIS client for groups, NFS/autofs mounted /home.
ii nis 3.17-31 clients and daemons for the Network Informat
liesl@muizenberg:~$ grep 192 /etc/yp.conf
ypserver 192.168.42.2
liesl@muizenberg:~$ grep nis /etc/nsswitch.conf
group: compat nis
netgroup: nis
liesl@muizenberg:~$ grep liesl /etc/security/group.conf
* ;:0 ;liesl ;Al0000-2400 ;aimsadmr,aimsadmrw
liesl@muizenberg:~$ grep group /etc/pam.d/*|grep -v \#
/etc/pam.d/common-auth:auth optional pam_group.so
/etc/pam.d/gdm:auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
/etc/pam.d/gdm:auth optional pam_group.so
/etc/pam.d/login:auth optional pam_group.so
liesl@muizenberg:~$ tail -1 /etc/group
+:::
liesl@muizenberg:~$ ypcat group|grep aims
aimsadmr:x:20003:jan,lynne,ike,fjwh,gudrun,aeeda,barrie,liesl,bwg,asharma
aimsadrw2:x:20005:lynne,aeeda
aimsadmrw:x:20004:liesl,aeeda # <-- liesl in group in question.
aimsr:x:900:jan,lynne,ike,fjwh,gudrun,aeeda,bwg,asharma
NOTE GROUP PERMISSIONS IN STRAIGHT GDM LOGIN FAILS; BUT AFTER SSH IT
WORKS; AFTER SU - USER IT WORKS!
liesl@seychelles:/var/autofs/misc/home/liesl$ groups # WHY DOES IT SHOW SO MANY COPIES?
staff2009 adm adm cdrom cdrom floppy floppy audio audio video video plugdev plugdev aimsadmr aimsadmr aimsadmr aimsadmrw aimsadmrw aimsadmrw
liesl@seychelles:/var/autofs/misc/home/liesl$ id
uid=1498(liesl) gid=509(staff2009) groups=4(adm),4(adm),24(cdrom),24(cdrom),25(floppy),25(floppy),29(audio),29(audio),44(video),44(video),46(plugdev),46(plugdev),509(staff2009),20003(aimsadmr),20003(aimsadmr),20003(aimsadmr),20004(aimsadmrw),20004(aimsadmrw),20004(aimsadmrw)
liesl@seychelles:/var/autofs/misc/home/liesl$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods
touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': Permission denied # ARGH
liesl@seychelles:/var/autofs/misc/home/liesl$ ssh liesl@localhost # VIA SSH
liesl@localhost's password:
Linux seychelles 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 05:14:15 UTC 2010 x86_64 GNU/Linux
Ubuntu 10.04.1 LTS
liesl@seychelles:~$ groups
staff2009 aimsadmr aimsadmrw
liesl@seychelles:~$ id
uid=1498(liesl) gid=509(staff2009) groups=509(staff2009),20003(aimsadmr),20004(aimsadmrw)
liesl@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/
liesl@seychelles:~$ logout
Connection to localhost closed.
liesl@seychelles:/var/autofs/misc/home/liesl$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # :\
touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': Permission denied
liesl@seychelles:/var/autofs/misc/home/liesl$ su - liesl
Password:
liesl@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/
liesl@seychelles:~$
wtf?
Probably unrelated but mentioned here for completeness.
I thought adding these was unnecessary, plus they do not fix the problem:
auth optional pam_group.so # to gdm-autologin
session optional pam_group.so # to common-session
account optional pam_group.so # to common-account
Also, in /var/log/kern.log this is apparently a harmless error:
svc: failed to register lockdv1 RPC service (errno 97).
can be solved by booting with kernel option ipv6.disable=1
and that does not fix it either.
Strace and ltrace do not show much information I can recognize besides
permission denied.
Also nscd is installed but stopped for above testing.
Also the new LDAP client libs are used, libpam-ldapd and not libpam-ldap,
so nslcd is installed.
--
gdm does not obey NIS settings for user groups
https://bugs.launchpad.net/bugs/553142
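
An added example, not part of the original bug comment or of any Ubuntu package: a Python check that parses `id` output such as the two lines quoted in the message and reports which gids a session holds more than once, lacks, or has in addition to a reference list. The function names are this example's own; the two sample lines are copied from the message.

```python
import os
import pwd
import re
from collections import Counter

# `id` output copied from the message above: GDM login, then SSH login.
GDM_ID = ("uid=1498(liesl) gid=509(staff2009) groups=4(adm),4(adm),24(cdrom),"
          "24(cdrom),25(floppy),25(floppy),29(audio),29(audio),44(video),"
          "44(video),46(plugdev),46(plugdev),509(staff2009),20003(aimsadmr),"
          "20003(aimsadmr),20003(aimsadmr),20004(aimsadmrw),20004(aimsadmrw),"
          "20004(aimsadmrw)")
SSH_ID = ("uid=1498(liesl) gid=509(staff2009) groups=509(staff2009),"
          "20003(aimsadmr),20004(aimsadmrw)")


def parse_id_groups(id_output):
    """Return the gids after `groups=` in `id` output, in order, duplicates kept."""
    _, sep, tail = id_output.partition("groups=")
    if not sep:
        return []
    # Each entry is "gid(name)" or a bare "gid", separated by commas.
    return [int(g) for g in re.findall(r"(?:^|,)(\d+)", tail)]


def compare_groups(session_gids, reference_gids):
    """Describe how a session's group list differs from a reference list."""
    counts = Counter(session_gids)
    return {
        "entries": len(session_gids),  # list length, duplicates included
        "duplicates": {g: n for g, n in counts.items() if n > 1},
        "missing": sorted(set(reference_gids) - set(session_gids)),
        "extra": sorted(set(session_gids) - set(reference_gids)),
    }


def check_current_session():
    """Compare this process's groups with what NSS resolves for the user now."""
    user = pwd.getpwuid(os.getuid())
    session = os.getgroups()
    if os.getegid() not in session:  # getgroups() may omit the effective gid
        session.append(os.getegid())
    return compare_groups(session, os.getgrouplist(user.pw_name, user.pw_gid))


if __name__ == "__main__":
    print("GDM vs SSH:", compare_groups(parse_id_groups(GDM_ID),
                                        parse_id_groups(SSH_ID)))
    print("this session vs NSS:", check_current_session())
```

Run inside the desktop session and again inside an `ssh localhost` or `su -` session, `check_current_session()` shows whether the two logins ended up with different group lists for the same user.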