What if the user 'su' or 'sudo -u' to himself? On Jun 30, 2011 4:58 AM, "Patrick Cable" <[email protected]> wrote: > > On Wed, Jun 29, 2011 at 2:01 PM, Jan L. Peterson > <[email protected]> wrote: > > When I start seeing weird things like this, I often resort to tracing > > the program in question to see where it thinks it's getting it's info > > from. Try this both as the user and via su and compare the output. > > Back to this again. So, I turned off NSCD and had the user rerun the > trace, and I reran the trace as well. > > Both traces go to LDAP to query the user just fine. Just, doing it > su'ed to the user returns a getgroups() with 8 entries and doing it as > the user returns a getgroups() with one entry. On the strace that > returns all groups, there is a bunch of extra LDAP querying to map > group ID numbers to names. > > I'm going to have the user try another machine in his building, to > rule out the machine (a machine issue would surprise me, since all the > desktops are basically the same, but anything is possible). I will > then remove "stapusr" from the local /etc/groups -- we were once upon > a time a solaris shop and there is a lot of low group ID use. Most > people are members of the "staff" group (wheel in linux, > unfortunately) but I will drop him there and see what happens. > > So much for this being some oddity I missed along the way. Fun times! > > (With apologies to Jan for getting this twice since I am a giant > turkey who cant mash "reply to all" successfully) > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
