registry team mailing list archive

Thread
Date

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

To: registry@xxxxxxxxxxxxxxxxxxx
From: greenmoss <423252@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Sep 2010 22:26:31 -0000
Reply-to: Bug 423252 <423252@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

My bug 509734 was marked as a duplicate of this one. This was a special
case using the atd job scheduler. At jobs launched by ldap users worked,
but at jobs launched by root did *not* work. atd was doing a group
lookup, and nss was dropping privileges, thus breaking root-launched at
jobs. To work around this, I added the following line to my
/etc/ldap.conf:

nss_initgroups_ignoreusers  <users>

where <users> is the list of local non-ldap users, particularly root!
There is a script that is part of nss-ldap that does this for you:

/usr/sbin/nssldap-update-ignoreusers

Atd is finally working for me now.

-- 
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.

Follow ups

Re: [Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo
From: Nathan Stratton Treadway, 2010-09-24