Hi all,

I've been battling with a problem accessing an external device via serial port. I have it working now, but am not entirely satisfied with the 'solution' (cf. thread "/dev/ttyS0 and /dev/ttys0 - What's the difference?")

The device attaches to /dev/ttyS1, which is root:uucp:rw-rw---- so I figured a standard user would be able to access the device without problem since by default they are assigned membership of group uucp. I found that this was not the case. After much faffing, I have identified the cause as NIS.

With the default setup for the min GUID as 500, the output from groups on the server is:

root@gandalf:~> groups dylan
dylan : dandg users dialout video uucp audio
root@gandalf:~> groups fabrizio
fabrizio : users dialout video uucp audio

(dandg is a group I have created for controlling network shared file access GUID=500, it is the default group for the relevant users so their files are created with group dandg)

on a client I get:

dylan@gandalf:~> groups
dandg
dylan@gandalf:~> groups fabrizio
users

This is clearly not satisfactory. From the point of view of accessing the serial port, I could set it to rw-rw-rw, but would need to do so on every machine which the external device might be used on. Also, that isn't actually the problem. What I actually want (and indeed, expected to be the case) is that the full group membership be distributed by NIS.

To this end, I have temporarily set the min GUID on the NIS maps to be 0. This has done the trick - normal users can now access the serial port - but still doesn't seem satisfactory as I notice that the groups below GUID 500 appear twice when system and NIS groups are listed in YaST.

Is there a better way to accomplish my goal? Should I delete the local entries from /etc/groups (surely not since there would be no groups defined either before ypbind starts or if the NIS server is unavailable)?

Thanks for any help, comments, hints...

Dylan
--
Sweet moderation
Heart of this nation
Desert us not
We are between the wars - Billy Bragg
Dylan wrote:
With the default setup for the min GUID as 500, the output from groups on the server is:
root@gandalf:~> groups dylan
dylan : dandg users dialout video uucp audio
root@gandalf:~> groups fabrizio
fabrizio : users dialout video uucp audio
(dandg is a group I have created for controlling network shared file access GUID=500, it is the default group for the relevant users so their files are created with group dandg)
on a client I get:
dylan@gandalf:~> groups
dandg
dylan@gandalf:~> groups fabrizio
users

Dylan,

What are the contents of your client's /etc/nsswitch.conf ?

Damian
On Saturday 20 December 2003 07:54 am, Damian O'Hara wrote: <SNIP>
Dylan,
What are the contents of your client's /etc/nsswitch.conf ?
/etc/nsswitch.conf
===============
passwd: compat
group: compat
hosts: files nis dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
shadow: compat
============

Dylan
--
Sweet moderation
Heart of this nation
Desert us not
We are between the wars - Billy Bragg
Dylan
... What I actually want (and indeed, expected to be the case) is that the full group membership be distributed by NIS. ...
You should read about the NIS setup first - you apparently don't know what you are doing ;-). Anyway

1. Check that the NIS group map content is seen by the client:

client# ypcat group.byname

2. On each client, change the group line in /etc/nsswitch.conf to

group: files nis

An alternative is to keep the compat option but then you have to add a line containing '+' at the end of /etc/group.

I haven't tested it now but as far as I remember this should be all. Don't forget to "re-log" on the client, otherwise the login shell will use the old setting.

--
A.M.
On Saturday 20 December 2003 16:56 pm, Alexandr Malusek wrote:
Dylan writes:
... What I actually want (and indeed, expected to be the case) is that the full group membership be distributed by NIS. ...
You should read about the NIS setup first - you apparently don't know what you are doing ;-). Anyway
You're a bit presumptive. I have consulted the manpages, the (practically nonexistent) info in /usr/share/doc/packages/autofs, the HOWTO from www.linux-nis.org, and the O'Reilly NFS/NIS book. I hadn't made the connection that for group membership to be distributed the system groups (i.e. GUID<500) would need to be distributed.
1. Check that the NIS group map content is seen by the client:
client# ypcat group.byname
Indeed, it is now I've lowered the min GUID option.
2. On each client, change the group line in /etc/nsswitch.conf to
group: files nis
An alternative is to keep the compat option but then you have to add a line containing '+' at the end of /etc/group.
It always was

group: compat

My point is that it shouldn't be necessary to distribute the entire groups map from the server in order for the client to know a user's group membership. Especially since the default settings effectively withhold this information.
I haven't tested it now but as far as I remember this should be all. Don't forget to "re-log" on the client, otherwise the login shell will use the old setting.
Of course...

Dylan
--
Sweet moderation
Heart of this nation
Desert us not
We are between the wars - Billy Bragg
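Added example (not code from the thread or from any poster): a simplified Python model of the behaviour discussed in the messages above, showing how the NIS map's minimum GID and the client's `group:` line in /etc/nsswitch.conf together decide which memberships a client sees. It assumes the "min GUID" setting is the MINGID cut-off applied when the maps are built and that the client's /etc/group contains a '+' line; the GIDs 14 and 16 and both sample files are constructed, and the primary group from passwd is not modelled.

```python
# Added example: simplified model of NIS group visibility on a client.
# GIDs 14 and 16 are constructed sample values; dandg=500 is from the thread.
SERVER_GROUP = """
uucp:x:14:dylan,fabrizio
dialout:x:16:dylan,fabrizio
dandg:x:500:dylan
"""
CLIENT_GROUP = """
uucp:x:14:
dialout:x:16:
+
"""

def parse_group(text):
    """Parse /etc/group-style text into {name: (gid, members)}; '+'/'-' lines are skipped."""
    groups = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line[0] in "+-#":
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups

def build_nis_map(server_group_text, mingid):
    """Model of the map build: entries with a GID below mingid are left out."""
    return {n: v for n, v in parse_group(server_group_text).items() if v[0] >= mingid}

def nis_consulted(nsswitch_line, client_group_text):
    """True if group lookups reach NIS: 'nis' listed, or 'compat' plus a '+' line."""
    services = nsswitch_line.split(":", 1)[1].split()
    has_plus = any(l.strip().startswith("+") for l in client_group_text.splitlines())
    return "nis" in services or ("compat" in services and has_plus)

def client_groups(user, nsswitch_line, client_group_text, nis_map):
    """Sorted names of the groups that list user as a member, as the client sees them."""
    found = {n for n, (_g, m) in parse_group(client_group_text).items() if user in m}
    if nis_consulted(nsswitch_line, client_group_text):
        found |= {n for n, (_g, m) in nis_map.items() if user in m}
    return sorted(found)

if __name__ == "__main__":
    for mingid in (500, 0):
        nis_map = build_nis_map(SERVER_GROUP, mingid)
        print(mingid, client_groups("dylan", "group: compat", CLIENT_GROUP, nis_map))
```

With the cut-off at 500 the uucp entry that names the user never reaches the client, which is why the serial port stays inaccessible without loosening the device permissions.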
Dylan
You're a bit presumptive. I have consulted the manpages, the (practically nonexistent) info in /usr/share/doc/packages/autofs, the HOWTO from www.linux-nis.org, and the O'Reilly NFS/NIS book.
Then you know more than I do.
My point is that it shouldn't be necessary to distribute the entire groups map from the server in order for the client to know a user's group membership.
You can distribute only the entries which you want, e.g. uucp, by modifying the source directory in /var/yp/Makefile. The O'Reilly book describes how to do it; YaST cannot do it.

Note that for the group service, the resolver takes into account all services listed in the /etc/nsswitch.conf file and the rules like [SUCCESS=return] do not apply. If I specify

group: files files files

then the groups are listed three times:

$ groups
malusek uucp dialout audio video uucp dialout audio video uucp dialout audio video

I don't like this feature which rather looks like a bug. I think only one group should be used.

--
A.M.
Alexandr Malusek
If I specify
group: files files files
then the groups are listed three times ...
Duplicate entries in /etc/group are also reported more than once and this is not good. (Solaris 9 reports them only once.) I couldn't reach the http://bugs.gnu.org/cgi-bin/gnatsweb.pl site today so I reported the problem via the SUSE feedback. Some SUSE developers work on glibc too. -- A.M.
participants (3)
- Alexandr Malusek
- Damian O'Hara
- Dylan