bug-coreutils

Re: groups command on SLES 9


From: Bob Proulx
Subject: Re: groups command on SLES 9
Date: Wed, 10 Aug 2005 22:34:45 -0600
User-agent: Mutt/1.5.9i

Scott Gardner wrote:
> I don't know if this is a bug, but I'd appreciate it if you could explain 
> why the "groups" command doesn't return the correct list of groups if you 
> telnet into a SLES 9 machine.

This could be a local configuration issue specific to your machine.  I
could not recreate your problem on a SuSE machine upon which I tested
your case.  It worked fine for me.

> "groups" command on SUSE LINUX Enterprise Server 9 (i586) -- VERSION = 9
> After I telnet into the machine, these commands are run...
> 
> [root wesdintel28]# id
> uid=0(root) gid=0(root) groups=0(root)

Okay.

> [root wesdintel28]# groups
> root

Yep.

> [root wesdintel28]# groups root
> root : root mqm mqbrkrs

The groups command is actually a shell script that will eventually
run:

  id -Gn -- root

What does that command say for you?

Meanwhile, this will be affected by the following configuration:

  grep ^group /etc/nsswitch.conf

It might say "files" or "files nis" or some such.  In which case any
of those may be providing this information.  You may need to look in a
few more places to see all of the configuration data.

What does this say?

  grep root /etc/group

> [root wesdintel28]# su -
> [root wesdintel28]# groups
> root mqm mqbrkrs

Your auxiliary groups are set when the process is created.  Apparently
when you logged in with telnet the telnetd did not set up these two
other auxiliary groups for the process.  The groups command is just
reporting your current groups.

This is really an issue for your telnetd setting up or not setting up
your auxiliary groups.  I have not looked at the telnetd code for a
long time but if I recall correctly it used either initgroups(2) or
setgroups(2) to set up the initial groups.  Looking at that
documentation may reveal a clue to your system question.

  man initgroups
  man setgroups

To tell the truth I think you should convert to using ssh instead of
telnet, especially for a root login.  Telnet passes the password
through in the clear where it may be sniffed on the network by a
cracker.  Then they would have your root password.  So even if there
is some issue with telnetd I would just leave it behind.  If it works
fine for ssh then I would do that and not look back.

Bob
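
The comparison the reply walks through (the groups the current process holds against the database lookup `id -Gn -- root`), as an added shell example that is not part of the original message. The function names and the script file name are hypothetical, and it assumes group names contain no spaces.

```shell
#!/bin/sh
# Added example: compare the supplementary groups the current process holds
# with the groups the account database (nsswitch: files, nis, ...) assigns.

# missing_groups PROCESS_LIST DATABASE_LIST
# Prints, space separated, every name in DATABASE_LIST absent from PROCESS_LIST.
missing_groups() {
    proc=" $1 "
    out=""
    for g in $2; do
        case "$proc" in
            *" $g "*) ;;                    # process already holds this group
            *) out="${out:+$out }$g" ;;     # assigned in the database, not held
        esac
    done
    printf '%s\n' "$out"
}

# check_user USER
# Returns 0 when the process holds every group the database lists for USER,
# 1 when some are missing, 2 when a lookup fails.
# USER should be the account this session is logged in as.
check_user() {
    user=$1
    have=$(id -Gn) || return 2              # credentials of this process
    want=$(id -Gn -- "$user") || return 2   # database lookup, as "groups USER" does
    miss=$(missing_groups "$have" "$want")
    if [ -n "$miss" ]; then
        echo "$user: session lacks groups: $miss"
        return 1
    fi
    echo "$user: session groups match the database"
}

# Run as: sh check-groups.sh root   (the file name is hypothetical)
if [ "$#" -gt 0 ]; then
    check_user "$1"
fi
```

With the lists shown in the thread, the telnet session would report `mqm mqbrkrs` as missing and the `su -` session would report a match.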



