Re: groups command on SLES 9

From: Scott Gardner
Subject: Re: groups command on SLES 9
Date: Tue, 16 Aug 2005 14:23:04 -0600


Sorry it took me so long to get back to you, but I have a few answers to 
your questions.  Here's the output from the commands you asked me to 

[root wesdintel28 root]# id
uid=0(root) gid=0(root) groups=0(root)

[root wesdintel28 root]# id -Gn -- root
root mqm mqbrkrs

[root wesdintel28 root]# grep ^group /etc/nsswitch.conf
group:  compat

[root wesdintel28 root]# grep root /etc/group

I know about the telnet / clear text password issue.  All of my machines 
are test machines (inside the firewall) so I don't have to worry about 
keeping them secure.  What's the next step?  Do you think this is an 
initgroups/setgroups problem or something with telnetd?


Scott Gardner
IBM PvC Software Test

address@hidden (Bob Proulx)
08/11/2005 12:34 AM
        To:     Scott Gardner/Raleigh/address@hidden
        cc:     address@hidden
        Subject:        Re: groups command on SLES 9

Scott Gardner wrote:
> I don't know if this is a bug, but I'd appreciate it if you could 
> why the "groups" command doesn't return the correct list of groups if 
> telnet into a SLES 9 machine.

This could be a local configuration issue specific to your machine.  I
could not recreate your problem on a SuSE machine upon which I tested
your case.  It worked fine for me.

> "groups" command on SUSE LINUX Enterprise Server 9 (i586) -- VERSION = 9
> After I telnet into the machine, these commands are run...
> [root wesdintel28]# id
> uid=0(root) gid=0(root) groups=0(root)


> [root wesdintel28]# groups
> root


> [root wesdintel28]# groups root
> root : root mqm mqbrkrs

The groups command is actually a shell script that will eventually

  id -Gn -- root

What does that command say for you?

Meanwhile, this will be affected by the following configuration:

  grep ^group /etc/nsswitch.conf

It might say "files" or "files nis" or some such.  In which case any
of those may be providing this information.  You may need to look in a
few more places to see all of the configuration data.

What does this say?

  grep root /etc/group

> [root wesdintel28]# su -
> [root wesdintel28]# groups
> root mqm mqbrkrs

Your auxiliary groups are set when the process is created.  Apparently
when you logged in with telnet the telnetd did not set up these two
other auxiliary groups for the process.  The groups command is just
reporting your current groups.

This is really an issue for your telnetd setting up or not setting up
your auxiliary groups.  I have not looked at the telnetd code for a
long time but if I recall correctly it used either initgroups(2) or
setgroups(2) to set up the initial groups.  Looking at that
documentation may reveal a clue to your system question.

  man initgroups
  man setgroups

To tell the truth I think you should convert to using ssh instead of
telnet, especially for a root login.  Telnet passes the password
through in the clear where it may be sniffed on the network by a
cracker.  Then they would have your root password.  So even if there
is some issue with telnetd I would just leave it behind.  If it works
fine for ssh then I would do that and not look back.
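
The mismatch discussed in this thread (the groups the running process actually holds versus the groups the group database lists for the user) can be checked from inside any login session. The following C program is an added example, not part of the original messages; it assumes Linux with glibc, and `missing_groups` and `MAXG` are names chosen here for illustration.

```c
#define _DEFAULT_SOURCE          /* for getgrouplist() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAXG 256                 /* illustrative upper bound on group count */

/* Copy into out[] every gid in db[] that is absent from proc[]; return the count. */
int missing_groups(const gid_t *proc, int nproc, const gid_t *db, int ndb, gid_t *out)
{
    int n = 0;
    for (int i = 0; i < ndb; i++) {
        int found = 0;
        for (int j = 0; j < nproc; j++)
            if (proc[j] == db[i]) { found = 1; break; }
        if (!found)
            out[n++] = db[i];
    }
    return n;
}

int main(void)
{
    gid_t proc[MAXG + 1], db[MAXG], miss[MAXG];
    struct passwd *pw = getpwuid(geteuid());
    if (!pw) { perror("getpwuid"); return 2; }

    /* Credentials held by this process: what `id` and `groups` report. */
    int nproc = getgroups(MAXG, proc);
    if (nproc < 0) { perror("getgroups"); return 2; }
    proc[nproc++] = getegid();   /* getgroups() may omit the effective gid */

    /* Membership per the group database selected in /etc/nsswitch.conf:
       what `id -Gn -- user` reports. */
    int ndb = MAXG;
    if (getgrouplist(pw->pw_name, pw->pw_gid, db, &ndb) < 0) {
        fprintf(stderr, "user is in more than %d groups\n", MAXG);
        return 2;
    }

    int nmiss = missing_groups(proc, nproc, db, ndb, miss);
    for (int i = 0; i < nmiss; i++) {
        struct group *gr = getgrgid(miss[i]);
        printf("not set on this process: %s (%d)\n",
               gr ? gr->gr_name : "?", (int)miss[i]);
    }
    return nmiss ? 1 : 0;        /* nonzero exit: login path skipped some groups */
}
```

A nonzero exit in a fresh login session, and a zero exit after `su -`, points at the login daemon not initializing the supplementary groups rather than at the group database.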

