Kannappan M via FreeIPA-users wrote:
> Hi All,
>
> I have granted a bunch of users to a list of servers but except
> one server all the users are able to touch the files once they login
> to 3 out of 4 servers, in one server alone am able to switch to user
> but not able to touch any files getting message as permission denied

To restate:

- you created an HBAC rule that allows a set of users to log into a set of 4 hosts and that works ok
- on one of the 4 hosts one user is not allowed to create files

We can eliminate HBAC as a problem since it allowed login access. It doesn't control who can write files on a host.

It sounds like a groups problem. I'd suggest looking at what files/directories are not writable and see what the permissions are. I wonder if one user is not in the group which owns the directory.

You can use getent groups <user> to see what groups they are in. It should be the same on all hosts and it should match what ipa user-show <user> shows for group memberships.

That's where I'd start anyway. Next step would be to increase debugging on the SSSD side to see whether all the groups that the user should be in are being resolved properly.

rob
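
The group comparison suggested above, as an added example that is not part of the original message: it lists the groups IPA reports for a user that the host does not resolve. The function names and the sample data are constructed for illustration; it assumes the "Member of groups:" line of ipa user-show output and uses id -Gn for the host-side list.

```shell
#!/bin/sh
# Added example: find groups that IPA lists for a user but the host does not resolve.

# Read `ipa user-show <user>` output on stdin, print direct group names one per line.
ipa_groups() {
    sed -n 's/^ *Member of groups: *//p' | tr ',' '\n' \
        | sed 's/^ *//; s/ *$//; /^$/d' | sort -u
}

# Read `id -Gn <user>` output on stdin (space separated), print one name per line.
host_groups() {
    tr ' ' '\n' | sed '/^$/d' | sort -u
}

# $1 = text of `ipa user-show <user>`, $2 = text of `id -Gn <user>` from the host.
# Prints each IPA group that is absent from the host's resolved list.
missing_on_host() {
    ipa_list=$(printf '%s\n' "$1" | ipa_groups)
    host_list=$(printf '%s\n' "$2" | host_groups)
    for g in $ipa_list; do
        printf '%s\n' "$host_list" | grep -qxF -- "$g" || printf '%s\n' "$g"
    done
}

# Constructed sample data: the host fails to resolve the "appdata" group.
SAMPLE_IPA='  User login: jdoe
  First name: John
  Member of groups: ipausers, appdata, developers'
SAMPLE_ID='jdoe ipausers developers'

# Demo on the constructed data. On a real host, pass the live output instead:
#   missing_on_host "$(ipa user-show jdoe)" "$(id -Gn jdoe)"
missing_on_host "$SAMPLE_IPA" "$SAMPLE_ID"
```

If a group printed here is the one that owns the unwritable directory, the SSSD debugging step mentioned above is the next place to look.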
