[Kde-kiosk] Problem with Applying Group Profiles to new Users
Murray Trainer
mtrainer at central-data.net
Fri Jan 21 18:20:23 CET 2005
Martijn Klingens wrote:
>On Friday 21 January 2005 05:06, Murray Trainer wrote:
>
>
>>vserver:/tmp/mt # cc -o test test.c
>>vserver:/tmp/mt # ./test
>>Segmentation fault
>>vserver:/tmp/mt #
>>
>>
>
>You're supposed to run it as
>
># ./test external
>
>i.e., with the name of the group as argument. There is a check for that, but
>it should check for argc < 2 and not < 1, hence you never see the safeguard,
>sorry.
>
>But don't expect it to solve a whole lot, if your nsswitch.conf is correct and
>you don't have a local group I'm a bit out of ideas.
>
>Does the 'sudo' case from the first link work for you? I.e., if you allow
>group 'external' to sudo some command, does that work correctly?
>
>
>
ldap:/tmp/mt # ./test external
Members in group external:
* demo
* local
* local2
* gls
Primary group for user root: root
ldap:/tmp/mt # groups gls
gls: users Domain Users external
Removed gls from LDAP group external
ldap:/tmp/mt # ./test external
Members in group external:
* demo
* local
* local2
* gls
Primary group for user root: root
ldap:/tmp/mt # groups gls
gls : users Domain Users
ldap:/tmp/mt # su - gls
gls at ldap:/tmp/mt> ./test external
Members in group external:
* demo
* local
* local2
* gls
Primary group for user gls: users
ldap:/tmp/mt # su - mtrainer
mtrainer at ldap:/tmp/mt> ./test external
Members in group external:
* demo
* local
* local2
* gls
Primary group for user mtrainer: users
mtrainer at ldap:/tmp/mt> groups gls
gls : users Domain Users
Added mtrainer to LDAP group external
mtrainer at ldap:/tmp/mt> ./test external
Members in group external:
* demo
* local
* local2
* gls
Primary group for user mtrainer: users
mtrainer at ldap:/tmp/mt> groups mtrainer
mtrainer : users Domain Users external
Basically - the groups command give correct results and your program
doesn't. It appears to remember the old values - could it be a problem
with your C code not reallocating the memory that it stores the results
in properly or something like that? But why only for LDAP groups?
Regarding sudo - I have two sets of servers (test and prod) having the
same Kiosk profile problem. The prod one is using a local wheel group
and the test one isn't so I don't think that is relevant. Apart from
that both sets of servers are setup pretty similarly.
One question I have to ask is has the Kiosk tool been tested to work
properly using LDAP elsewhere? Everything else is my LDAP setup seems
to be working fine - it is only the Kiosk tool having problems. I still
think it is worth looking at the source code of the groups command as
that does the right thing.
More information about the kde-kiosk
mailing list