[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#240836: libc6: Duplicated group-id's breaks NFS-access

Package: libc6
Version: 2.3.2.ds1-11
Severity: normal

I recently got problems accessing our NFS-server. Even if I was member
of the right groups was my accesses denied by the server. After some
investigation did I found out that the NFS-requests didn't contain all
groups I am a member of. Also, most of the group-id's was duplicated
in the NFS-requests.

NFS has a limitation on the number of groups (16 I think) and as the
groups are duplicated was that limit exceeded, and I was denied

The normal system-utilities, like id gives this:

uid=1006(anders) gid=100(users) grupper=4(adm),4(adm),7(lp),7(lp),14(sysadmin),20(dialout),24(cdrom),24(cdrom),25(floppy),25(floppy),25(floppy),29(audio),29(audio),40(src),40(src),44(video),44(video),50(staff),50(staff),100(users),101(telnetd),1006(anders),2000(cad),2002(install),2002(install),2017(cvsadmin),10001(linux)

For an example floppy is listed 3 times. A test-program using
getgroups gives the same result, making it a libc6-problem.

My /etc/nsswitch.conf looks like this:

group:          files nis compat

and floppy exists in both files and NIS.

I don't know if it is OK to return the same group-id several times
from getgroups or not, BUT NFS (and system utilities like id) should
not duplicate group id's.

This problem is new, older versions of my system did not duplicate the
groups-id's in NFS-requests. I update testing almost every day, and
one month ago didn't the problem exist.

A work-around is to remove compat from /etc/nsswitch.conf, and remove
group-entries from /etc/group that also exists in NIS.

/ Anders

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.4
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to sv_SE)

Versions of packages libc6 depends on:
ii  libdb1-compat                 2.1.3-7    The Berkeley database routines [gl

-- no debconf information

Reply to: