Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Thank you, Bo. You are exactly correct. Nsswitch.conf appears to be good on our system, but the problem has gone into hibernation since Thursday (until this Tuesday afternoon?) I reasonably expect it's going to occur again, and don't know where to start in troubleshooting the CVSROOT\group file not being read when it starts again, Kevin On Fri, 30 May 2008 14:44:40 +0100, Tony Hoyle <tony.hoyle at march-hare.com> wrote: >kmknox at aep.com wrote: > >> We have found a discrepancy between traces run during the problem and >> traces run after the problem resolves itself. When the problem is >> affecting us, the "add_valid_group" step ONLY finds the Linux Operating >> System group, "cafdev." When the problem is not affecting us, the >> "add_valid_group" step finds the OS group cafdev AND 3 groups identified >> in the CVSROOT\group file. >> >> For some reason, between Tuesday afternoon and Thursday morning, our CVSNT >> implementation suddenly is not reading in the groups from the group file! >> >> We've changed nothing in the way the group file is stored, updated or >> read. We've not upgraded or downgraded the OS or hardware. We've not >> changed antivirus settings. Nothing is regularly querying the server. And >> somehow, CVSNT quits reading the group file. >> >> Any ideas? >> >Sounds like your nsswitch configuration is screwed somehow - we don't >read the group file directly, rather call getgroups() which returns the >list of groups. The OS gets this information from nsswitch.conf (and >via PAM I think also). > >As we rely on the OS to return the list of groups there are lots of >things that could go wrong, but they're not directly CVSNT related... >any fault with that will affect the entire OS eg. file ownership reading >incorrectly, inability to sudo, etc. > Do you mean that the OS is linking in to the group file in CVSROOT?? Sounds very strange to me. What if you have say 50 repositories and therefore 50 CVSROOT/group files, how can the operating system know which are valid and which are not for a particular cvs call?? And how do you tell it to include the group file from CVSROOT into its scope of groups? What the OP is saying is that CVSNT is suddenly not reading *CVSROOT/group* and therefore not getting the internal CVS defined user groups and therefore not correctly giving access to certain users. HTH /Bo (Bo Berglund, developer in Sweden) _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt