First, thanks to all who replied:
"John D. Barlow" <John.D.Barlow@arp.anu.edu.au>
Jacques.Beigbeder@ens.ens.fr (Jacques Beigbeder)
Casper Dik <casper@fwi.uva.nl>
Christian Lawrence <cal@soac.bellcore.com>
John Barlow would have had the right answer, except that he didn't know
about a minor bug in getgrent.c. He said:
> in /etc/group on the gateway hosts:
>
> network:::root
> -network
> +:
Basically, if you don't use a negative entry to preclude inclusion of
the network group from NIS, the NIS network group will essentially
override the local network group when the '+' (all groups) line is
processed.
What John didn't know is that the code is busted, and when verifying
the syntax of the group entry, it doesn't understand that a group name
beginning with '-' is an NIS entry. Hence, it _requires_ a numeric
gid field. If you don't have one, the line is considered malformed,
and the rest of the file is ignored. (How clever. :-)
So, a working solution is:
+network:::root
-network::100:
+:
Note that I've also added a '+' to the local network group so that I
can leave the gid out. The following also works:
network:*:100:root
-network::100:
+:
Here's the patch to getgrent.c (Solaris 1.01 sources), for anyone who cares:
284c284
< ypentry = (*p == '+');
--- > ypentry = (*p == '+' || *p == '-');--jim
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:49 CDT