SUMMARY: Bizzare Group Behaviour

From: Eric Burger (ericb@telecnnct.com)
Date: Wed Aug 18 1993 - 08:37:48 CDT


I really haven't gotten to the bottom of this one yet. Many people
suggested that our netid wasn't being updated, but in fact it was.

We've gone back to putting woof (and people like him) in their
own group.

Responses and original posting follow.

Thanks for the ideas from:
        ndd@sunbar.mc.duke.edu (Ned Danieley)
        missrab@Esy.COM (Ross Bawcum)
        Mike Raffety <miker@il.us.swissbank.com>
        glenn@uniq.com.au (Glenn Satchell - Uniq Professional Services)

--
--  Eric William Burger       --  Eric.Burger@telecnnct.com  --
--  The Telephone Connection  --  Tel. +1 301/417-0700       --
--  15200 Shady Grove Road    --  Fax. +1 301/417-0707       --
--  Rockville, MD  20850      --  U.S.A.                     --

Ned Danieley writes: > I had this happen once because I was doing things like 'make passwd' > in /var/yp, instead of just 'make'. if the netid doesn't get updated > when you make a new map, weird things happen. if you did a 'make something' > just before woof lost his groups, and then did a plain 'make' after > giving him a passwd (or if you gave him a passwd via yppasswd), that > might explain the problem. > > -- > Ned Danieley (ndd@sunbar.mc.duke.edu) > Basic Arrhythmia Laboratory > Box 3140, Duke University Medical Center > Durham, NC 27710 (919) 660-5111 or 660-5100

Ross Bawcum writes: > Have you checked the contents of the /etc/passwd for the + at the end of the file. > > What is the contents of the /etc/netgroup (if you are using it)

Mike Raffety writes: > Hmmm, are you using NIS? Are you making and pushing the "netid" map > every time you change the group file?

Glenn Satchell writes: > When you update the NIS group file, do you type "make group" or just > "make"? Does it rebuild the netid map? The netid map is used when to > list all the groups a particular user is in. It is much quicker to do > one lookup in this map rather than go through the whole group's map > which may be quite large. > > The dependencies are not in the /var/yp/Makefile, but netid should be > rebuilt whenever group and/or passwd is updated. If you always just > type "make" then this will work ok.

Original Posting: > We run an open internal net (e.g. no passwords for most accounts). > Our environment is SunOS 4.1.1B (Solbourne OS/MP 1.1B) with NIS. > > Recently, accounts without passwords lost group membership for any > entries in the NIS data base. E.g., if there was a group membership > for an account in the local /etc/group file, an "id" or "groups" > would return the group membership. However, group memberships specified > in /var/etc/group doesn't make it into "id" or "groups". > > Here's our /etc/group file: > wheel:*:0:ericb,woof > nogroup:*:65534: > daemon:*:1: > kmem:*:2: > bin:*:3: > tty:*:4: > news:*:6: > uucp:*:8: > audit:*:9: > other:*:20: > +: > > Here's an extract of our /var/etc/group file: > > staff::10:woof,ericb > ttc::200:woof,ericb > brite::201: > devel::203: > ttcsys::204:ttcrun,ttcadmin,twp,woof,dputnam,jhuang,ericb > finsys::205:finrun,finadmin,twp,woof,dputnam,jhuang,ericb > > Here's our /etc/netgroup file: > universal (,,) > telecnnct (fred,,telecnnct) (ginger,,telecnnct) (poopus,,telecnnct) (roll,,telecnnct) (bacall,,telecnnct) (ike,,telecnnct) (tina,,telecnnct) > beta (fred,,telecnnct) (ginger,,telecnnct) (poopus,,telecnnct) (app00b,,telecnnct) (app01b,,telecnnct) (voice00b,,telecnnct) (voice01b,,telecnnct) > > "ericb"s got a password; "woof" doesn't: > ericb:alskfl/jal23r:204:203:Eric Burger:/u/fred/u1/ericb:/bin/csh > woof::201:203:Andy Spitzer:/u/fred/u1/woof:/bin/csh > > Here's a 'groups' for ericb: > devel wheel staff ttc ttcsys finsys > > Here's a 'groups' for woof: > devel wheel > > If we add a password for woof, he gets all of his groups! > > Ideas?



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:06 CDT