pam_group vs. multiple group lines

Scott, Brian Brian.Scott at det.nsw.edu.au
Tue Aug 21 17:08:37 PDT 2007


Try:

wheel:*:0:root,us

It looks like pam was stopping at the first matching line as you would
expect from the man page for the group file. If there is a bug it is in
the more liberal interpretation by other software.

-----Original Message-----
From: owner-freebsd-stable at freebsd.org
[mailto:owner-freebsd-stable at freebsd.org] On Behalf Of Ulrich Spoerlein
Sent: Wednesday, 22 August 2007 5:51 AM
To: stable at freebsd.org
Subject: pam_group vs. multiple group lines

Hi,

I think I found a deficiency wrt. pam_group (which also hits sudo(8)
so this might be libc related instead).

I found this while trying to migrate groups into LDAP, but you don't
need LDAP to reproduce this, simply place the following in /etc/group

wheel:*:0:root
wheel:*:0:us

% getent group|grep wheel;id
wheel:*:0:root
wheel:*:0:us
uid=1001(us) gid=1000(us) groups=1000(us),0(wheel),80(www)

As you can see, getent(1) and id(1) work fine. File access also works
like expected, except for su(8) (because of pam_group group=wheel in
pam.d/su)

% su -
su: Sorry

Combine the wheel entries back into one line and su(8) suddenly starts
working again. Same problem hits sudo(8) if you are using a %wheel
line. Since there is no pam.d/sudo on my system I think the bug probably
lies in libc itself.

Is this expected behaviour? I'd classify it as bug ...

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.
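
An audit sketch for the situation discussed in this thread, added here and not part of either message: it parses a group(5)-style file, contrasts a lookup that stops at the first matching line with a scan of every line, and reports group names that are split across lines. The sample data and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample reproducing the split wheel entry from the thread.
SAMPLE = """\
wheel:*:0:root
wheel:*:0:us
www:*:80:us
us:*:1000:
"""

def parse_group(text):
    """Return (name, gid, members) tuples in file order; skip comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue
        members = [m for m in fields[3].split(",") if m]
        entries.append((fields[0], int(fields[2]), members))
    return entries

def first_match_members(entries, name):
    """Lookup by name that stops at the first matching line."""
    for n, _gid, members in entries:
        if n == name:
            return members
    return None

def scanned_groups(entries, user):
    """Names of all groups listing `user`, found by scanning every line."""
    return sorted({n for n, _gid, members in entries if user in members})

def split_groups(entries):
    """Map each multiply-defined group name to members a first-match lookup misses."""
    by_name = defaultdict(list)
    for n, _gid, members in entries:
        by_name[n].append(members)
    report = {}
    for n, lists in by_name.items():
        if len(lists) > 1:
            later = {u for members in lists[1:] for u in members}
            report[n] = sorted(later - set(lists[0]))
    return report

if __name__ == "__main__":
    entries = parse_group(SAMPLE)
    print(first_match_members(entries, "wheel"), split_groups(entries))
```

A non-empty result from `split_groups` means a consumer that stops at the first line and one that scans all lines will disagree about membership, which is worth catching before migrating groups to another backend.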

