I first observed this issue in FreeBSD 5, so this pertains to FreeBSD 5.x - 8.2 and probably into HEAD. group does not honor the behavior documented in the nsswitch.conf man page. In specific: group: files ldap only files is ever consulted group: ldap files only /etc/group is ever consulted group: files [notfound=continue] ldap only /etc/group is consulted group: ldap [notfound=continue] files only ldap is consulted passwd seems to behave as documented with relation to nsswitch.conf settings. I believe that someone needs to look at the code pertaining to groups in what ever library nsswitch.conf is called from. This issue will effect anyone using groups from ldap, nis, or hessiod with the programs su or sudo. Fix: The same sort of code that is used with respect to passwd and hosts needs to be inserted into the libraries that deal with group and nsswitch.conf. How-To-Repeat: Put a user in group wheel on your ldap server or nis server or hesiod server, but not in group wheel on the local system and with the following entry in nsswitch.conf group: files ldap Then attempt to run su. You can also look at the output of getent group wheel
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped