On Thu, Apr 03, 2008 at 06:17:14PM +0800, John Morris wrote:
> When shutting down a CentOS system with the EPEL Shorewall RPM, the network
> is shutdown before Shorewall. There is still a case where Shorewall
> requires a passwd getent lookup in the "determine_capabilities" function in
> /usr/share/shorewall/lib.base on this line:
>
> qt $IPTABLES -A $chain -m owner --uid-owner 0 -j ACCEPT &&
> OWNER_MATCH=Yes
>
> It's quite possible that my nss_ldap configuration is wrong, since uid 0 is
> in the /etc/passwd file.

You have placed ldap before passwd in /etc/nsswitch.conf. That means you want to make a slow-maybe-fails lookup first, and only use /etc/passwd after it fails or returns not-found. If you had them in the other order then no lookup would be made for things in /etc/passwd. That's usually what you want, so that all the system entries are fast.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
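
A check for the source ordering discussed in this thread, as an added example that is not part of the original messages or of Shorewall. It assumes the local source is named `files` (or `compat`) and the network source is `ldap`; the function names `nss_network_first` and `sample_nsswitch` are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: list nsswitch.conf databases that consult a network
# source before the local files, so local entries such as uid 0 depend
# on the network being up.
# Usage: nss_network_first [path|-] [network-source]
#   path defaults to /etc/nsswitch.conf, "-" reads stdin;
#   network-source defaults to ldap (assumption taken from the thread).
nss_network_first() {
    awk -v net="${2:-ldap}" '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*[a-z_0-9]+:/ {
            sub(/:/, ": ")                      # tolerate "passwd:ldap"
            db = $1; sub(/:$/, "", db)
            netpos = 0; localpos = 0; inbr = 0
            for (i = 2; i <= NF; i++) {
                # skip [STATUS=action ...] items, which may span fields
                if (inbr || $i ~ /^\[/) { inbr = ($i !~ /\]$/); continue }
                if ($i == net && !netpos) netpos = i
                if (($i == "files" || $i == "compat") && !localpos)
                    localpos = i
            }
            if (netpos && !localpos)
                printf "%s: %s listed with no local source\n", db, net
            else if (netpos && netpos < localpos)
                printf "%s: %s listed before %s\n", db, net, $localpos
        }
    ' "${1:-/etc/nsswitch.conf}"
}

# Constructed sample configuration, not taken from the poster's system.
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd:  ldap files
group:   files ldap
shadow:  ldap [UNAVAIL=return] files
hosts:   files dns
EOF
}

# Demo on the constructed sample; reports the passwd and shadow lines.
sample_nsswitch | nss_network_first -
```

Run `nss_network_first` with no arguments to check the live `/etc/nsswitch.conf`; no output means every database that lists `ldap` tries the local source first.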
