[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

greenmoss 423252 at bugs.launchpad.net
Wed Sep 22 23:26:31 BST 2010


My bug 509734 was marked as a duplicate of this one. This was a special
case using the atd job scheduler. At jobs launched by ldap users worked,
but at jobs launched by root did *not* work. atd was doing a group
lookup, and nss was dropping privileges, thus breaking root-launched at
jobs. To work around this, I added the following line to my
/etc/ldap.conf:

nss_initgroups_ignoreusers  <users>

where <users> is the list of local non-ldap users, particularly root!
There is a script that is part of nss-ldap that does this for you:

/usr/sbin/nssldap-update-ignoreusers

Atd is finally working for me now.

-- 
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.



More information about the Ubuntu-server-bugs mailing list