Your message dated Tue, 6 Feb 2007 10:09:09 +0100 with message-id <20070206090909.GF18146@mad.intersec.eu> and subject line Unwanted "security" precautions in nss_compat has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Unwanted "security" precautions in nss_compat
- From: Anton Ivanov <arivanov@sigsegv.cx>
- Date: Tue, 31 May 2005 15:01:18 +0000
- Message-id: <E1Dd8F7-0005Od-00@aragorn>
Package: libc6 Version: 2.3.2.ds1-21 Severity: important nss_compat module recently started to ignore groups with under 1000 gids and there are no means to configure it mentioned in the documentation. As a result any network groups inherited from old times where 500 was a popular cutoff will not be visible without hacking nss_switch.conf to add an explicit "nis" entry for groups Can't find the actual problem in the changelog so this has most likely crept up as a part of other patches. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-c3v2 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages libc6 depends on: ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl -- no debconf information
--- End Message ---
--- Begin Message ---
- To: Anton Ivanov <arivanov@sigsegv.cx>
- Cc: 311370-done@bugs.debian.org
- Subject: Re: Unwanted "security" precautions in nss_compat
- From: Pierre HABOUZIT <madcoder@debian.org>
- Date: Tue, 6 Feb 2007 10:09:09 +0100
- Message-id: <20070206090909.GF18146@mad.intersec.eu>
- In-reply-to: <45C7ABD8.3040509@sigsegv.cx>
- References: <E1Dd8F7-0005Od-00@aragorn> <[🔎] 20070205211801.GA12804@hades.madism.org> <45C7ABD8.3040509@sigsegv.cx>
On Mon, Feb 05, 2007 at 10:12:40PM +0000, Anton Ivanov wrote: > Pierre HABOUZIT wrote: > > >tag 311370 + moreinfo > >thanks > > > > > > > >>nss_compat module recently started to ignore groups with under 1000 gids > >>and there are no means to configure it mentioned in the documentation. > >>As a result any network groups inherited from old times where 500 was > >>a popular cutoff will not be visible without hacking nss_switch.conf > >>to add an explicit "nis" entry for groups > >> > >>Can't find the actual problem in the changelog so this has most likely > >>crept up as a part of other patches. > >> > >> > > > > Could you elaborate about your setup ? I'm confused, are you talking > >about netgroups or system groups ? if it's system groups, I'm not able > >to reproduce your problem. > > > > > I had observed it with system groups at the time of filing. The group > (gid 500, inherited from an old redhat install) was clearly available in > the yp server map and greppable on a ypcat, but not visible to getent. > The nssswitch had only compat at the time. > > I cannot reproduce it any more on sarge (I do not have an etch on the > network). > > You might as well close it. If it reoccurs I will try to dig it through > the sources and locate the exact reason. okay then. thanks -- ·O· Pierre Habouzit ··O madcoder@debian.org OOO http://www.madism.orgAttachment: pgp6c_WjGcx1b.pgp
Description: PGP signature
--- End Message ---