Red Hat Bugzilla – Bug 188015
Including individual NIS groups in /etc/group does not work
Last modified: 2007-11-30 17:07:24 EST
Description of problem:
It seems not to be possible to include individual NIS group entries in
/etc/group (using +<group>:::) without also including all other NIS groups
(using +::: at the end of the file). This way of including (or excluding)
entries *does* work for /etc/passwd.
When running 'ls -l /home' (with a 'user private group' policy active, so
directories are owned by groups corresponding to the individual users) the
output only lists the group ID's, not the group names when the +::: entry is
missing. The user names are displayed correctly, though.
Running 'strace ls -l /home' shows that the nscd socket is queried for group
names (or the NIS server if nscd is not running) if the +::: is added; these
queries are missing entirely (and no other system calls are made instead) if the
+::: entry is missing.
Version-Release number of selected component (if applicable):
Correct output of 'ls -l /home' when +::: entry is present (group names).
Incorrect output of 'ls -l /home' when +::: entry is missing (group ID's only).
Steps to Reproduce:
I believe this to be a glibc issue since that were the code
that does the password parsing lives... Now the question I have
is did the Linux NIS version ever support this type of functionality?
It may well have done so, but I don't know. Maybe it didn't, but frankly, I
don't care. Although the manpages and other docs don't state it explicitly,
including a single group using +group::: should give you just the one group,
instead of no group at all. The whole mechanism can be abolished if the only
way to make inclusion of a group work is to include all other groups afterwards
as well... The only use for this type of behaviour is to exclude a group out of
the whole set of groups (with -group:::, but didn't checked that), but that is
no viable option, since the set of groups changes constantly. And if you want to
exclude all but some groups, you're in for a lot of work...!
Although I would find it couter-intuitive and rather crude, I would accept it if
inclusion of single groups works if a line with
is added as the last line of /etc/group, having the meaning "include all groups,
but select none of them..."
Since I have no access to a system to test this right now I leave this comment
as a hint.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Development Management has reviewed and declined this request. You may appeal
this decision by reopening this request.