[GRLUG] SuSE 13.2 group weirdness
Adam Tauno Williams
awilliam at whitemice.org
Tue Oct 6 14:59:38 EDT 2015
Quoting "L. V. Lammert" <lvl at omnitec.net>:
> Build a new server (minimal install), and it is exhibiting some strange
> group behavior!
> A UID is in three groups, .. *but* only the primary group shows at login!
> After that, one can 'newgrp' to a different group of which you are Member,
> and if you are not a Member of that group, it requires a password.
> Has anyone ever seen behavior like this? It's a new one to me!
Are you using SSSD for ident?
This is sort of a 'new default'. Group enumeration due to absurdities
in the NSS functions can be scandalously inefficient; even more so
now that many identity systems support nested groups [Ugh!]. Group
membership may not be enumerated, but it should work for interrogation.
Lots of new code and subsystems work this way.
It is a *feature* you can toggle *off* if you really need getpwent()
et al to enumerate all groups. But generally all it will do is make
things slower.
More information about the grlug
mailing list