Corinna or Pierre please comment? [ Re: setuid() problem when disconnected from PDC under 1.3.12-2]

Jason Tishler
Tue Jul 16 12:16:00 GMT 2002


On Mon, Jul 15, 2002 at 04:25:35PM -0400, Pierre A. Humblet wrote:
> At 07:24 PM 7/15/2002 +0200, Corinna Vinschen wrote:
> >On Mon, Jul 15, 2002 at 11:59:51AM -0400, Jason Tishler wrote:
> I agree with everything Corinna wrote (just back from a long trip).
> The drawback of implementing a "lenient" version is that, without
> special edits of /etc/group, some site-dependent "mysterious" failures
> might happen when disconnected.

Understood, but sshd and cron failing when disconnected is not good

> Why not use a local account for sshd and cron? 

The above will be essentially unusable or at least extremely
inconvenient.  Repeatedly switching between PALO-ALTO\jatis (i.e., a
domain user) and TISHLERJASON\jt (i.e., a local user) would not be fun.

> Jason, can you telnet into the machine as a domain user when
> disconnected from the PDC for a long time? If so are the groups (from
> id) the same as when you are connected (working with an /etc/group
> that includes the domain groups)? (just curious).

I was thinking of trying the above experiment myself.  I will disconnect
before I leave work today and try first thing tomorrow.  I will report
back then.


