[GRLUG] SuSE 13.2 group weirdness

Adam Tauno Williams awilliam at whitemice.org
Tue Oct 6 14:59:38 EDT 2015

Quoting "L. V. Lammert" <lvl at omnitec.net>:
> Build a new server (minimal install), and it is exhibiting some strange
> group behavior!
> A UID is in three groups, .. *but* only the primary group shows at login!
> After that, one can 'newgrp' to a different group of which you are Member,
> and if you are not a Member of that group, it requires a password.
> Has anyone ever seen behavior like this? It's a new one to me!

Are you using SSSD for ident?

This is sort of a 'new default'.  Group enumeration due to absurdities  
in the NSS functions can be scandalously inefficient;  even more so  
now that many identity systems support nested groups [Ugh!]. Group  
membership may not be enumerated, but it should work for interrogation.

Lots of new code and subsystems work this way.

It is a *feature* you can toggle *off* if you really need getpwent()  
et al to enumerate all groups.  But generally all it will do is make  
things slower.

More information about the grlug mailing list