[cvsnt] Intermittent group membership / security error
Tony Hoyle
tony.hoyle at march-hare.com
Fri May 30 14:44:40 BST 2008
kmknox at aep.com wrote:
> For some reason, between Tuesday afternoon and Thursday morning, our CVSNT
> implementation suddenly is not reading in the groups from the group file!
>
> We've changed nothing in the way the group file is stored, updated or
> read. We've not upgraded or downgraded the OS or hardware. We've not
> changed antivirus settings. Nothing is regularly querying the server. And
> somehow, CVSNT quits reading the group file.
>
> Any ideas?
>
Sounds like your nsswitch configuration is screwed somehow - we don't
read the group file directly, rather call getgroups() which returns the
list of groups. The OS gets this information from nsswitch.conf (and
via PAM I think also).
As we rely on the OS to return the list of groups there are lots of
things that could go wrong, but they're not directly CVSNT related...
any fault with that will affect the entire OS eg. file ownership reading
incorrectly, inability to sudo, etc.
Tony
More information about the cvsnt
mailing list