Bug#240836: libc6: Duplicated group-id's breaks NFS-access
Package: libc6
Version: 2.3.2.ds1-11
Severity: normal
I recently got problems accessing our NFS-server. Even if I was member
of the right groups was my accesses denied by the server. After some
investigation did I found out that the NFS-requests didn't contain all
groups I am a member of. Also, most of the group-id's was duplicated
in the NFS-requests.
NFS has a limitation on the number of groups (16 I think) and as the
groups are duplicated was that limit exceeded, and I was denied
access.
The normal system-utilities, like id gives this:
>id
uid=1006(anders) gid=100(users) grupper=4(adm),4(adm),7(lp),7(lp),14(sysadmin),20(dialout),24(cdrom),24(cdrom),25(floppy),25(floppy),25(floppy),29(audio),29(audio),40(src),40(src),44(video),44(video),50(staff),50(staff),100(users),101(telnetd),1006(anders),2000(cad),2002(install),2002(install),2017(cvsadmin),10001(linux)
>
For an example floppy is listed 3 times. A test-program using
getgroups gives the same result, making it a libc6-problem.
My /etc/nsswitch.conf looks like this:
group: files nis compat
and floppy exists in both files and NIS.
I don't know if it is OK to return the same group-id several times
from getgroups or not, BUT NFS (and system utilities like id) should
not duplicate group id's.
This problem is new, older versions of my system did not duplicate the
groups-id's in NFS-requests. I update testing almost every day, and
one month ago didn't the problem exist.
A work-around is to remove compat from /etc/nsswitch.conf, and remove
group-entries from /etc/group that also exists in NIS.
/ Anders
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.4
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to sv_SE)
Versions of packages libc6 depends on:
ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl
-- no debconf information
Reply to: