On Mon, Feb 03, 2003 at 02:04:56PM +0100, Ralf S. Engelschall wrote:
>On Sun, Feb 02, 2003, Bill Campbell wrote:
>
>> On Sun, Feb 02, 2003 at 01:29:38PM -0800, Bill Campbell wrote:
>> >On Sun, Feb 02, 2003 at 08:02:13PM +0100, Ralf S. Engelschall wrote:
>> ...
>> >>I've now added a little workaround for this subtle problem to the rc
>> >>command starting with openpkg-20030202-20030202. Just try it out.
>> >>Details: http://cvs.openpkg.org/chngview?cn=7230
>> >
>> >Building it now.  Looks reasonable.
>>
>> Looks can be deceiving.  Testing this on SuSE 8.1, running cron-3.0.1 (SuSE
>> distribution, not openpkg), the ``su'' doesn't seem to be executing at all
>> for non root users.  It is executing that part of the script (I added a
>> command to copy $tmpfile after the ``su'' command, and that worked).
>
>Yes, there was another subtle bug with the tempfile stuff. Can you
>retry with openpkg-20030203-20030203? I hope this is fixed now, too.

This one works -- after I tracked down a subtle bug of my own in the
interaction between our LDAP authentication and openpkg's manipulation of
the local shadow and password files.  It turned out that root couldn't su
to the restricted user, even from the command line.  Everything worked fine
after I removed the /etc/{passwd,shadow} entries inserted by the openpkg
installer, and left it to LDAP.

This brings me around to something I've been thinking about quite a bit
recently.  There are several places in the bootstrap process, and in the
rpm macros that get user and group information using this idiom:

        uid=`(cat /etc/passwd; ypcat passwd) |
                grep "^$user:" |  awk -F: '{print $3}'`
        
The following will work with LDAP, at least on the various Linux
boxen that I've been using with pam_ldap and nss_ldap installed:

        uid=`id -u $user || ((cat /etc/passwd; ypcat passwd) |...`
        gid=`id -g $user || ((cat /etc/passwd; ypcat passwd) |...`
        group=`id -gn $user || ((cat /etc/passwd; ypcat passwd) |...`

The ``id'' command will retrieve the user and group info from files, LDAP,
or NIS depending on the /etc/nsswitch.conf file.

Currently the bootstrap process doesn't pick up LDAP authentication so ends
up modifying the local files which probably conflict with the LDAP.

Bill
--
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

The most serious doubt that has been thrown on the authenticity of the
biblical miracles is the fact that most of the witnesses in regard to
them were fishermen.
                -- Arthur Binstead
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   [EMAIL PROTECTED]
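
The lookup order described in the message above (resolver first through ``id'', flat files and NIS only as a fallback), as an added shell example that is not part of the original message and is not OpenPKG code. The function names, the PASSWD_FILE override and the sample entries are assumptions made for illustration; an exact string match in awk stands in for the grep pattern so that a name such as a.b cannot also match axb.

```shell
#!/bin/sh
# Added example, not OpenPKG code. PASSWD_FILE is an assumed override so the
# flat-file fallback can be tried against a constructed sample file.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Constructed sample entries (not from the thread); "axb" and "a.b" differ
# only where an unanchored regex dot would treat them as the same name.
write_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'axb:x:1001:100::/home/axb:/bin/sh' \
        'a.b:x:1002:100::/home/a.b:/bin/sh' > "$1"
}

# Field N of USER's entry in the passwd file, plus the NIS map when ypcat
# exists. awk compares the name as a string, so "a.b" never matches "axb".
file_field() {  # usage: file_field USER FIELDNO
    {
        cat "$PASSWD_FILE" 2>/dev/null
        if command -v ypcat >/dev/null 2>&1; then ypcat passwd 2>/dev/null; fi
    } | awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }'
}

# Ask the resolver first (files, LDAP or NIS per /etc/nsswitch.conf) and
# parse the flat sources only when id(1) cannot resolve the name.
lookup_uid() { id -u "$1" 2>/dev/null || file_field "$1" 3; }
lookup_gid() { id -g "$1" 2>/dev/null || file_field "$1" 4; }

# Classify an account before a bootstrap touches /etc/passwd:
#   files     present in the flat sources
#   nss-only  resolvable (for example via LDAP) but absent from them,
#             so appending a local entry could conflict with the directory
#   conflict  both exist but disagree on the UID
#   missing   unknown everywhere
account_source() {
    nss_uid=$(id -u "$1" 2>/dev/null) || nss_uid=
    file_uid=$(file_field "$1" 3)
    if [ -n "$file_uid" ] && [ -n "$nss_uid" ] && [ "$file_uid" != "$nss_uid" ]; then
        echo conflict
    elif [ -n "$file_uid" ]; then
        echo files
    elif [ -n "$nss_uid" ]; then
        echo nss-only
    else
        echo missing
    fi
}
```

A bootstrap script would add a local passwd entry only when account_source reports missing, and stop for review on nss-only or conflict.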
