Package: libpam-modules Version: 0.76-22 Severity: minor Yo!
I created a situation where a user was in a group twice (once through group.conf, once from that users configuration - LDAP in our case). It seems to me that some/all groups after the duplicate entry are ignored. Group list by id was something like: uid=1000(avbidder) gid=1000(users) groups=4(adm),20(dialout),24(cdrom),25 (floppy),29(audio),30(dip),44(video),46(plugdev),104(lpadmin),105 (scanner),1000(users),1000(users),1050(administration),1066(someothergroup) The problem was that some directories with 0770 for root:root and an acl 'group:administration:rwx' (mounted on NFS) were inaccessible. Directories accessible to 'users' group were fine, but later groups were ignored. So this is really two bugs (besides my configuration bug, of course): * in libpam-modules for creating the duplicate entry in the group list in the first place. * somewhere in the kernel (acl? NFS?) for stopping evaluation of the group list at the duplicate entry. cheers -- vbi -- All Hail Discordia!
pgpioKjclddc3.pgp
Description: PGP signature