Comment 100 for bug 423252

Nathan Stratton Treadway (nathanst) wrote : Re: [Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

On Fri, Sep 24, 2010 at 16:46:25 -0000, Nathan Stratton Treadway wrote:
> As greenmoss found, when I was running with libpam/nss-ldap and
> no nscd (and didn't have any of the users in question listed in
> the "ignoreusers" line), my "at" commands worked for LDAP users
> but not for ones defined in /etc/passwd. (When an LDAP user
> attempted to run an "at" command, the following syslog message
> would appear:
> atd[<PID>]: Cannot delete saved userids: Operation not permitted
>
> However, I found that when nscd was running... the situation was
> reversed: "at" commands did work for LDAP-defined users, but not
> for /etc/passwd-defined ones (and attempts to use "at" as one of
> those users would cause the same error message as above to show
> up in the syslog).

I'm sorry, I seem to have managed to jumble the succeeded/failed
statuses given in those two paragraphs...

Hopefully the following table is more clear:

without nscd:
  passwd user: failed (and "Cannot delete" syslog message appeared)
  LDAP user: succeeded

with nscd running (and after restarting the "atd" service):
  passwd user: succeeded
  LDAP user: failed (with same "Cannot delete" syslog message)

Nathan