Date: Thu, 13 Oct 2011 15:06:11 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: "Chao Shin" <quakelee@geekcn.org>
Cc: freebsd-security@freebsd.org, Lev Serebryakov <lev@freebsd.org>
Subject: Re: pam_ldap and nss_ldap : checken and egg problem with "wheel" group and "su" utility
Message-ID: <86vcrt9h30.fsf@ds4.des.no>
In-Reply-To: <op.v18r1df7hnq548@quakelee-work> (Chao Shin's message of "Wed, 12 Oct 2011 12:29:05 +0800")
References: <679126918.20110922121706@serebryakov.spb.ru> <op.v18r1df7hnq548@quakelee-work>

"Chao Shin" <quakelee@geekcn.org> writes:
> "Lev Serebryakov" <lev@freebsd.org> writes:
> > But when "wheel" is in /etc/group with only "root" member (as all
> > other members are in LDAP), system never takes "wheel" members from
> > LDAP (because /etc/group has priority) and "su" doesn't work!
> I don't have system to test this now, but you can try below config in your
> nsswitch.conf
>
> group: files [success=return notfound=continue] ldap
> passwd: files [success=return notfound=continue] ldap

That won't make any difference, because "files" *will* succeed, since
there is a wheel entry in /etc/group.

(actually, I believe [success=return notfound=continue] is the default
behavior)

DES
-- 
Dag-Erling Smørgrav - des@des.no
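
The lookup behaviour discussed in this message, as an added example that is not part of the original e-mail and not FreeBSD code. It is a simplified Python model of how a `group:` line in nsswitch.conf is walked for one name; the user names, the group data and the `may_su` helper are constructed for illustration.

```python
# Constructed sample data: a local /etc/group and an LDAP directory (hypothetical users).
SOURCES = {
    "files": {"wheel": {"gid": 0, "members": ["root"]}},
    "ldap": {"wheel": {"gid": 0, "members": ["alice", "bob"]},
             "staff": {"gid": 20, "members": ["alice"]}},
}
# Actions applied when a source carries no explicit [criteria].
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_group_line(line):
    """Parse an nsswitch.conf 'group:' line into [(source, actions), ...]."""
    db, _, rest = line.partition(":")
    if db.strip() != "group":
        raise ValueError("not a group: line")
    chain, in_criteria = [], False
    for tok in rest.replace("[", " [ ").replace("]", " ] ").split():
        if tok == "[":
            in_criteria = True
        elif tok == "]":
            in_criteria = False
        elif in_criteria:
            # Criteria modify the source named just before them.
            status, _, action = tok.partition("=")
            chain[-1][1][status.lower()] = action.lower()
        else:
            chain.append((tok, dict(DEFAULT_ACTIONS)))
    return chain

def getgrnam(name, line, sources=SOURCES):
    """Return (answering_source, entry); the first 'return' action ends the walk."""
    for source, actions in parse_group_line(line):
        entry = sources[source].get(name)
        status = "success" if entry else "notfound"
        if actions[status] == "return":
            return source, entry
    return None, None

def may_su(user, line, sources=SOURCES):
    """Simplified model of the wheel check su relies on: user must be listed in wheel."""
    _, entry = getgrnam("wheel", line, sources)
    return entry is not None and user in entry["members"]

PLAIN = "group: files ldap"
EXPLICIT = "group: files [success=return notfound=continue] ldap"
```

With either line, `getgrnam("wheel", ...)` is answered by "files" and the LDAP members are never merged in, while a group that exists only in LDAP (here the constructed "staff") still falls through to "ldap".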