NSS changes in releng/10.2?
Patrick M. Hausen
hausen at punkt.de
Mon Nov 23 14:42:53 UTC 2015
Hi, all,
I just upgraded an older system from 8.4 to 10.2 in a single go.
No unexpected problems, until I tried to use "su":
$ su -
su: Sorry
Well, I *am* a member of the wheel group:
$ id
uid=10093(ry93) gid=10001(intern) groups=10001(intern),0(wheel),10002(entwickler)
Hmmm ... we pull all this information from LDAP. My nsswitch.conf has always been:
group: files cache ldap
passwd: files cache ldap
Without the "compat" entries.
Let's check the groups:
$ pw group show -a
wheel:*:0:
wheel:*:0:ry22,ry96,ry90,ry93
Before the update the members were merged. The first line is coming from /etc/group,
the second from LDAP. I do have to remove the "root" member in /etc/group from wheel
on all systems for LDAP information to be merged in, even on the older systems. But for
some reason that seems not to be sufficient, anymore.
If I put myself (ry93) in the file, everything works as expected.
Another way I tried was this for nsswitch.conf:
group: compat
group_compat: cache ldap
and then the traditional "+:*:0:" entry in /etc/group. The outcome of "id" and "su -" is
precisely the same as above. I am shown to be a member of group wheel, yet su
won't let me.
Any ideas?
Thanks,
Patrick
--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info at punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
More information about the freebsd-stable
mailing list