registry team mailing list archive
Message #19984
Re: [Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo
On Fri, Sep 24, 2010 at 16:46:25 -0000, Nathan Stratton Treadway wrote:
> As greenmoss found, when I was running with libpam/nss-ldap and
> no nscd (and didn't have any of the users in question listed in
> the "ignoreusers" line), my "at" commands worked for LDAP users
> but not for ones defined in /etc/passwd. (When an LDAP user
> attempted to run an "at" command, the following syslog message
> would appear:
> atd[<PID>]: Cannot delete saved userids: Operation not permitted
>
> However, I found that when nscd was running... the situation was
> reversed: "at" commands did work for LDAP-defined users, but not
> for /etc/passwd-defined ones (and attempts to use "at" as one of
> those users would cause the same error message as above to show
> up in the syslog).
I'm sorry, I seem to have managed to jumble the succeeded/failed
statuses given in those two paragraphs...

Hopefully the following table is more clear:

without nscd:
  passwd user: failed (and "Cannot delete" syslog message appeared)
  LDAP user: succeeded

with nscd running (and after restarting the "atd" service):
  passwd user: succeeded
  LDAP user: failed (with same "Cannot delete" syslog message)

Nathan
--
NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
https://bugs.launchpad.net/bugs/423252