Questions and Answers
Amy Rich
Q I'm running Solaris 9 on an Ultra 250. I was
adding some groups with groupadd for a project that's taking place on
this machine. A user later complained that people in other groups could see
non-group readable files in his group. When I checked, I saw that all of the
groups I added had the same GID! To make certain that I hadn't done something
stupid when I created them initially, I added a couple more groups, and sure
enough, they all had a GID of 100:

    groupadd foo
    groupadd bar
    egrep 'foo|bar' /etc/group
    foo::100:
    bar::100:

I tried the same commands on another E250 with the same OS and patch revisions,
and it worked fine. I'm rather at a loss here.
A It sounds as if you, like many other people,
have removed the SUNWnisu package. Unfortunately, this package contains the
/usr/bin/getent command as well as NIS-specific programs. You can specify the
GID on the groupadd command line, add groups by hand, or reinstall SUNWnisu
to get around this issue. In Solaris 10, /usr/bin/getent has been relocated
to SUNWcsu to prevent this kind of problem.
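
Shared GIDs like the ones in the question can be found by auditing the whole group file, and the presence of /usr/bin/getent checked at the same time. The script below is an added example, not part of the original column; it assumes a POSIX shell and awk, and the names dup_gids, getent_present and sample_group are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the column. Assumes a POSIX sh and awk
# (on Solaris 9: /usr/xpg4/bin/sh with nawk or /usr/xpg4/bin/awk).

# Constructed sample in group(4) format; foo and bar mirror the question.
sample_group() {
    cat <<'EOF'
root::0:root
staff::10:
foo::100:
bar::100:
+::0:
EOF
}

# dup_gids FILE: print "<gid>: name1,name2" for each GID held by more than
# one group name. Returns 1 when any GID is shared, 0 otherwise.
dup_gids() {
    dups=$(awk -F: '
        # skip NIS +/- compat entries, comment lines and malformed lines
        /^[-+#]/ || NF < 3 || $3 !~ /^[0-9]+$/ { next }
        { names[$3] = (n[$3]++ ? names[$3] "," : "") $1 }
        END { for (g in n) if (n[g] > 1) print g ": " names[g] }
    ' "$1" | sort -n)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# getent_present [PATH]: true when the getent binary the answer refers to
# is installed and executable (default path taken from the answer).
getent_present() {
    [ -x "${1:-/usr/bin/getent}" ]
}

# Audit the file named in $1, or the constructed sample when run bare.
if [ "$#" -gt 0 ]; then
    target=$1
else
    target=${TMPDIR:-/tmp}/group.sample.$$
    sample_group > "$target"
fi
getent_present || echo "warning: /usr/bin/getent missing; give groupadd an explicit -g GID" >&2
dup_gids "$target" || echo "shared GIDs found in $target" >&2
[ "$#" -gt 0 ] || rm -f "$target"
```

Run it as `sh script /etc/group` on the affected host; any line it prints names groups whose members can read each other's group-restricted files.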
Q We support a number of telecommuting users
who want to run their own mail servers. Most of these people run FreeBSD or
Linux so they can get things running, but a number of them have been exploited
as open mail relays. They generally don't notice this until their provider shuts
them down, and then they can't telecommute. Is there a definitive way to tell
whether a machine is an open mail relay?
A There are a number of tests to check whether
a machine is an open mail relay. One that I've used before is Not Just Another
Bogus List (njabl.o