[Linux-users] various group/netgroup/gid/NIS issues on the new
linux machines
Ari Pollak
ari at ccs.neu.edu
Thu Aug 14 23:13:34 EDT 2003
Whoops, i thought this had been fixed as of the latest reinstallation.
Apparently I was setting the minimum UID too late in the installation
process. I'll see what can be done about this, since it's not such a
good idea to go renumbering system groups.
On Thu, Aug 14, 2003 at 09:39:59PM -0400, Jon Hart wrote:
> Greetings,
>
> Rather than bring this up in #crew, I figured I'd mention it here so
> someone could figure out how it should get fixed and who will do it.
>
> I something similar was mentioned at least once before, but apparently
> this probably has popped up again. There are a number of groups on the
> debian boxes that have conflicting gids with other groups in CCS' NIS
> domain. When I say "other groups", I mean both UNIX groups and
> netgroups.
>
> Of the 15 that clash, a few are a problem. I won't show the relevant
> lines from /etc/group and from ypcat because this is a publicly viewable
> archived list, so feel free to run something similar to the following
> command to see what groups are at fault:
>
> for group in `cat /etc/group | awk -F: '{print $3};'`; do
> grep=`ypcat group | grep :$group:`
> if [ $? = 0 ]; then
> echo && echo "CCS" $grep
> echo -n "Deb " && grep :$group: /etc/group
> fi
> done
>
> <snip a 10 line bit about how this is a security hole. AUP!>
>
> The same problem exists with UNIX netgroups in the NIS domain. I didn't
> take the time to comb through the netgroups and see if any clash, but
> one in particular did catch my eye. If you are a member of the 'grads'
> netgroup, you are a member of the gdm group on the linux machines. This
> was how I stumbled upon the initial problem when I found files laying
> around with obvious CCS usernames as the owner but belonging to the gdm
> group, which looked suspicious to me.
>
> -jon
More information about the Linux-users
mailing list