Re: [SLE] /dev/ttyS0 and /dev/ttys0 - What's the difference?
Dylan
On Thursday 18 December 2003 19:27 pm, Mark Gray wrote: <SNIP>
Grasping at straws here, I would at this point start to look into how the resmgr works its magic, because your theory about NIS having something to do with it begins to make more sense. What does the command groups give you? I get:
markgray@k6:~> groups users uucp dialout audio video
Hmmm...
dylan@scooby:~> groups dandg
interesting - dandg is a group for segregating file access between me (d) and my partner (g) and our lodgers (who are not members of this group.) That works fine though...
Ahah -- thats your problem (I think:-), NIS is not setting your groups up properly when you login (your original suspicion is correct). I do not know anything about NIS, so you probably should reask your question with an appropriate NIS/groups containing subject so the NIS experts on this list have a look.
On Thursday 18 December 2003 19:58 pm, Mark Gray wrote: <SNIP>
Ahah -- thats your problem (I think:-), NIS is not setting your groups up properly when you login (your original suspicion is correct). I do not know anything about NIS, so you probably should reask your question with an appropriate NIS/groups containing subject so the NIS experts on this list have a look.
Well, in my book norrowing the field is good progress. Thanks for the help so far! Dylan -- Sweet moderation Heart of this nation Desert us not We are between the wars - Billy Bragg
On Thursday 18 December 2003 19:58 pm, Mark Gray wrote: <SNIP>
Ahah -- thats your problem (I think:-), NIS is not setting your groups up properly when you login (your original suspicion is correct). I do not know anything about NIS, so you probably should reask your question with an appropriate NIS/groups containing subject so the NIS experts on this list have a look.
Well, some playing around has sorted it - I told the NIS server to distribute GUID's from 0 rather than the default 500 and all is fine now! Dylan -- Sweet moderation Heart of this nation Desert us not We are between the wars - Billy Bragg
Dylan wrote:
On Thursday 18 December 2003 19:58 pm, Mark Gray wrote: <SNIP>
Ahah -- thats your problem (I think:-), NIS is not setting your groups up properly when you login (your original suspicion is correct). I do not know anything about NIS, so you probably should reask your question with an appropriate NIS/groups containing subject so the NIS experts on this list have a look.
Well, some playing around has sorted it - I told the NIS server to distribute GUID's from 0 rather than the default 500 and all is fine now!
Dylan
So your using this as a root account.... Userid 0 is the userid of the root user. This is a huge securitie risk. Wouldn't be better to add the groups uucp(for ttyS0) and tty(for ttys0) to the user account on the NIS server. And rebuild the NIS map on the NIS server. This should work and is more secure. Hope this helps, Stefan.
On Friday 19 December 2003 20:48 pm, S. Bulterman wrote:
Dylan wrote:
On Thursday 18 December 2003 19:58 pm, Mark Gray wrote: <SNIP>
Ahah -- thats your problem (I think:-), NIS is not setting your groups up properly when you login (your original suspicion is correct). I do not know anything about NIS, so you probably should reask your question with an appropriate NIS/groups containing subject so the NIS experts on this list have a look.
Well, some playing around has sorted it - I told the NIS server to distribute GUID's from 0 rather than the default 500 and all is fine now!
Dylan
So your using this as a root account....
No, I'm not.
Userid 0 is the userid of the root user. This is a huge securitie risk.
Yes, I know.
Wouldn't be better to add the groups uucp(for ttyS0) and tty(for ttys0) to the user account on the NIS server. And rebuild the NIS map on the NIS server.
The relevant users ARE members of uucp, but the default setup for NIS distributes GROUP ID's from 500 and above - hence any system groups that a user is placed in are NOT distributed. As stated earlier in the thread, groups tells me that (for example) user 'dylan' is only in group 'dandg' (a group I have defined.)
This should work and is more secure.
I don't see how distributing the group memberships below 500 presents a great risk. The users below 501 are not distributed via NIS. And anyway, if an intruder (remote or physical) gets far enough to create a user who gets in a NIS map then my security monitoring would be most lacking Dylan -- Sweet moderation Heart of this nation Desert us not We are between the wars - Billy Bragg
participants (3)
-
Dylan
-
Mark Gray
-
S. Bulterman