Red Hat Appears to Ignore Secondary Groups for LDAP Users

Nigel Wade nmw at ion.le.ac.uk
Thu Mar 20 09:15:47 UTC 2008


Tim P. Starrin wrote:
> On Red Hat Enterprise Linux (RHEL) 4 Update 6 with the latest patches
> 
> Given the LDAP user "t-bone" with the following group set...
> 
>    % id
>    uid=9066(t-bone) gid=121(a00121) groups=121(a00121),144(a00144) \
>        context=user_u:system_r:unconfined_t
> 
>    % groups
>    a00121 a00144
> 
> 
> The following operations, which should work on a Linux ext3 file system,
> fail...
> 
>    % ls -la
>    drwxr-x---  2 root   a00144 4096 Mar 19 13:29 a00144
>    -r--r-----  1 root   a00144   29 Feb 27 18:34 date
> 
>    % ls a00144
>    ls: a00144: Permission denied
> 
>    % cat date
>    cat: date: Permission denied
> 
> 
> Note that file and directory access via the primary group, gid=121(a00121),
> works fine.
> 
> Did I set up something wrong or is this a real bug?
> 
> Thanks.
> 

That should work; it works here with groups supplied by LDAP.
What are the permissions on the entire path leading to the directory 
containing a00144 and date?

What do you get if you use getent to display the group a00144?

# getent group a00144


-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
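
One way to answer the question above about permissions on the entire path, as an added example that is not part of the original thread: the script walks each directory leading to a target and reports the first component whose mode bits deny the given uid and group set. The function names `grants` and `first_blocked` are hypothetical, GNU `stat` is assumed, and POSIX ACLs and SELinux are not evaluated.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils), as on RHEL.
# Covers classic mode bits only: no POSIX ACLs, no SELinux, no capabilities.

# grants MODE OWNER_UID OWNER_GID UID "GIDS" BIT   (BIT: 4=read, 2=write, 1=search/exec)
# Returns 0 if BIT is granted. Exactly one class is consulted (owner, else
# group, else other); a denied group member never falls through to "other".
grants() {
    mode=$1 owner=$2 group=$3 uid=$4 gids=$5 bit=$6
    if [ "$uid" -eq 0 ]; then return 0; fi   # simplification: root passes
    perm=$((0$mode))                         # stat prints octal, e.g. 750
    shift_by=0
    if [ "$uid" -eq "$owner" ]; then
        shift_by=6
    else
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then shift_by=3; fi
        done
    fi
    [ $(( (perm >> shift_by) & bit )) -ne 0 ]
}

# first_blocked PATH UID "GIDS"
# Prints the first component that denies access: search permission on each
# directory leading to PATH, then read permission on PATH itself. Prints
# nothing when the walk succeeds; returns 2 if a component cannot be stat'ed.
# For absolute paths the root directory itself is not checked.
first_blocked() {
    w_path=$1 w_uid=$2 w_gids=$3
    case $w_path in /*) w_cur=/ ;; *) w_cur= ;; esac
    w_ifs=$IFS; IFS=/; set -- $(dirname -- "$w_path"); IFS=$w_ifs
    for w_part in "$@"; do
        case $w_part in ''|.) continue ;; esac
        w_cur=$w_cur$w_part/
        w_st=$(stat -L -c '%a %u %g' "$w_cur") || return 2
        grants $w_st "$w_uid" "$w_gids" 1 || { echo "${w_cur%/}"; return 0; }
    done
    w_st=$(stat -L -c '%a %u %g' "$w_path") || return 2
    grants $w_st "$w_uid" "$w_gids" 4 || echo "$w_path"
}

# Usage with the identity printed by `id` in the failing shell, e.g.:
#   first_blocked /path/to/date 9066 "121 144"
```

Pass the uid and numeric group list that `id` prints inside the affected session, since those are the credentials the kernel checks for that process.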



