[cvsnt] Intermittent group membership / security error

Tony Hoyle tony.hoyle at march-hare.com
Fri May 30 14:44:40 BST 2008


kmknox at aep.com wrote:

> For some reason, between Tuesday afternoon and Thursday morning, our CVSNT 
> implementation suddenly is not reading in the groups from the group file! 
> 
> We've changed nothing in the way the group file is stored, updated or 
> read. We've not upgraded or downgraded the OS or hardware. We've not 
> changed antivirus settings. Nothing is regularly querying the server. And 
> somehow, CVSNT quits reading the group file. 
> 
> Any ideas?
>
Sounds like your nsswitch configuration is screwed somehow - we don't 
read the group file directly, rather call getgroups() which returns the 
list of groups.  The OS gets this information from nsswitch.conf (and 
via PAM I think also).

As we rely on the OS to return the list of groups there are lots of 
things that could go wrong, but they're not directly CVSNT related... 
any fault with that will affect the entire OS eg. file ownership reading 
incorrectly, inability to sudo, etc.

Tony


More information about the cvsnt mailing list