sudo groups in PAM LDAP

Todd C. Miller Todd.Miller at courtesan.com
Thu Feb 26 17:13:52 EST 2004


In message <1077832465.4093.9.camel at brianv.ink.org>
	so spake Ezsra McDonald (Ezsra_McDonald):

> I switched the order in my nsswitch.conf file for group to "group: ldap
> files". Now it works!! Thanks. Why does the order need to change? Could
> it be because there is a empty group 'wheel' in the /etc/group file and
> also a group 'wheel' also in LDAP? (In my test the sudo user has to be a
> member of the group 'wheel'.) 

getgrnam() must be just taking the first wheel group it finds.
Previously this was the empty one.

 - todd



More information about the sudo-users mailing list