LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Red Hat (https://www.linuxquestions.org/questions/red-hat-31/)
-   -   Issues with nsswitch.conf in RHEL5 (https://www.linuxquestions.org/questions/red-hat-31/issues-with-nsswitch-conf-in-rhel5-4175445792/)

manimal29 01-16-2013 12:27 AM
Issues with nsswitch.conf in RHEL5
 
I have an issue that I've not seen before.

I was given a server that is running RHEL5 update 4 and asked to configure it for our development network. I edited all of the necessary files to accomplish the task. (hosts, resolv.conf, yp.conf, network, ifcfg-eth0, nsswitch.conf, resolv.conf, etc.) I chkconfig'd on the needed services, and rebooted the machine.

After the reboot, I was not able to login as a regular user. I logged in as root and began my investigation of the problem. Upon looking at nsswitch.conf, I noticed that the changes I had made to the file ( I had added nis to password, shadow, and group. The machine originally used files as the primary login method.) had disappeared! I thought that maybe I was mistaken and had not edited the file, so I did it again and rebooted.

After the reboot, the same thing happened. The edits I had made in the nsswitch.conf file had reverted back! I was able to edit the file again, and this time, I simply restarted ypbind and autofs. Low and behold, I could cd to shares and various NIS'd home directories without issue. I rebooted the box one last time and found the file had reverted for a third time!

Does anyone know of something in services or init.d that could be overwriting the changes to the file each time the machine is rebooted? I made the changes as root and was CERTAIN that I wrote the changes prior to quitting the editor.

Any help and/or suggestion is greatly appreciated!

Kustom42 01-16-2013 05:47 PM
I have seen NetworkManager make changes to resolve.conf and have heard it can do weird stuff with other files. The file should have a header that tells you what modified it(thats best practice at least). So if you update your /etc/resolv.conf and reboot the system it gets over-written but there is a three line header that is appended stating that it was updated by NetworkManager.


If there is no header its really hard to tell what is modifying it, I mean you could do an fuser or lsof and hope to catch it but I cant think of any log file that would tell you. Maybe try a:

Code:
grep -Hir "nsswitch" /var/log/
That will grep through your entire log directory and report back any files that contain nsswitch.

Another way to prevent this would be to use selinux and change the context of the file to prevent unauthorized edits.


All times are GMT -5. The time now is 10:04 AM.