> On RHEL4 and 5 if "id username" shows that the user is in group
> 10(wheel) which RHEL grabbed from NIS groups since /etc/nsswitch.conf
> has "group files nis", the user cannot "su -" into the root account
> after entering the root password. The only thing that works is if the
> user is in the wheel group under /etc/group on the local machine.

As far as I am aware, group membership from two different sources does not
add together. The group in the first source found is the one that is
used.

e.g. Let's say I have:

NIS:
foo:x:111:user1,user2,user3

file:
foo:x:111:user2,user3,user4

If you have "group files nis" then user{1,2,3} are members, but user4 is
not. If you have "group nis files" then user{2,3,4} are members, but
user1 is not.

I've run into this problem when groups in LDAP accidentally duplicate
the standard ones in /etc/group.

> We
> also tried "group nis files" without success. We have the following
> line uncommented in /etc/pam.d/su:
> 
> auth       required     /lib/security/$ISA/pam_wheel.so use_uid

That is strange given what I believe above... did you disable nscd
first? I confess that I have no idea about pam_wheel - it may be that it
*always* reads the local /etc/group.

--
Sam

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
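
The duplicate-group situation described in the message above (the same group name defined both in /etc/group and in NIS or LDAP, with different members) can be checked for by comparing the two sources directly. This is an added example, not part of the original message; the function name `find_group_conflicts` and the users `alice` and `bob` are made up for illustration, and the second file is assumed to be a group(5)-format dump of the remote source, such as the output of `ypcat group`.

```shell
#!/bin/sh
# find_group_conflicts LOCAL_FILE REMOTE_FILE   (hypothetical helper name)
# Both files are in group(5) format: name:passwd:gid:member,member,...
# Prints one line for every group name present in both files whose GID or
# member set differs, so overlapping definitions can be reviewed by hand.
find_group_conflicts() {
    awk -F: '
        # Return the member list sorted, so member order does not matter.
        function norm(list,    n, a, i, j, t, out) {
            n = split(list, a, ",")
            for (i = 2; i <= n; i++) {
                t = a[i]
                for (j = i - 1; j >= 1 && (a[j] "") > (t ""); j--)
                    a[j + 1] = a[j]
                a[j + 1] = t
            }
            out = ""
            for (i = 1; i <= n; i++)
                if (a[i] != "") out = out (out == "" ? "" : ",") a[i]
            return out
        }
        /^#/ || NF < 3 { next }                 # skip comments, short lines
        FNR == NR { gid[$1] = $3; mem[$1] = norm($4); next }   # first file
        ($1 in gid) {                           # second file, name collides
            m = norm($4)
            if (gid[$1] != $3 || mem[$1] != m)
                printf "%s local=%s:%s remote=%s:%s\n", \
                       $1, gid[$1], mem[$1], $3, m
        }
    ' "$1" "$2"
}

# Constructed sample data: the foo group from the message plus a wheel
# entry that exists in both sources with different members.
tmp=$(mktemp -d)
printf '%s\n' 'root:x:0:root' 'wheel:x:10:root' \
    'foo:x:111:user2,user3,user4' > "$tmp/local"
printf '%s\n' 'wheel:x:10:root,alice' 'foo:x:111:user1,user2,user3' \
    'staff:x:500:bob' > "$tmp/remote"
find_group_conflicts "$tmp/local" "$tmp/remote"
rm -rf "$tmp"
```

On a real host the first argument would be /etc/group; any `wheel` line in the output means membership of that group depends on which source the consumer reads.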
