[Linux-users]
various group/netgroup/gid/NIS issues on the new linux machines
Jon Hart
jhart at ccs.neu.edu
Thu Aug 14 22:39:59 EDT 2003
Greetings,
Rather than bring this up in #crew, I figured I'd mention it here so
someone could figure out how it should get fixed and who will do it.
I something similar was mentioned at least once before, but apparently
this probably has popped up again. There are a number of groups on the
debian boxes that have conflicting gids with other groups in CCS' NIS
domain. When I say "other groups", I mean both UNIX groups and
netgroups.
Of the 15 that clash, a few are a problem. I won't show the relevant
lines from /etc/group and from ypcat because this is a publicly viewable
archived list, so feel free to run something similar to the following
command to see what groups are at fault:
for group in `cat /etc/group | awk -F: '{print $3};'`; do
grep=`ypcat group | grep :$group:`
if [ $? = 0 ]; then
echo && echo "CCS" $grep
echo -n "Deb " && grep :$group: /etc/group
fi
done
<snip a 10 line bit about how this is a security hole. AUP!>
The same problem exists with UNIX netgroups in the NIS domain. I didn't
take the time to comb through the netgroups and see if any clash, but
one in particular did catch my eye. If you are a member of the 'grads'
netgroup, you are a member of the gdm group on the linux machines. This
was how I stumbled upon the initial problem when I found files laying
around with obvious CCS usernames as the owner but belonging to the gdm
group, which looked suspicious to me.
-jon
More information about the Linux-users
mailing list