On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
> 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi <gianluca.cec...@gmail.com>:
> 
> > To get the whole root environment you have to run
> > su - root
> > did you try with it?
> >
> 
> ahh... that works fine Gianluca!
> 
> Final question, if I have a file on the share like:
>      [john@ipaserver mountpoint]$ ll test.txt
>      -rwxr-----. 1 root admins 12 11 jan 10.42 test.txt
> 
> Should I be able to access it if I acquire an admin ticket? Currently I get
> Permission denied
> 
> [john@ipaserver mountpoint]$ id
> uid=1434400004(john) gid=1434400004(john) grupper=1434400004(john)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> 
> [john@ipaserver mountpoint]$ getfacl test.txt
> # file: test.txt
> # owner: root
> # group: admins
> user::rwx
> group::r--
> other::---
> 
> [john@ipaserver mountpoint]$ id admin
> uid=1434400000(admin) gid=1434400000(admins) groups=1434400000(admins)
> 
> [john@ipaserver mountpoint]$ klist
> Ticket cache: KEYRING:persistent:1434400004:krb_ccache_MVjxTqf
> Default principal: ad...@my.lan
> 
> Valid starting       Expires              Service principal
> 2015-01-11 10:43:52  2015-01-12 10:43:50  krbtgt/my....@my.lan
> 
> [john@ipaserver mountpoint]$ cat test.txt
> cat: test.txt: Permission denied

Looks like your account needs to be in the 'admins' group in order to
access the file.

Acquiring the admin ticket doesn't switch the user ID nor add you to the
group.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
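
The owner/group/other decision the reply refers to, as an added example that is not part of the original thread: it evaluates the mode string from the `ll` output against the uid and group list that `id` reports. The function name `posix_access` is hypothetical; the sketch assumes plain `rwx` mode strings with no extended ACL entries (as `getfacl` shows above) and ignores the root override.

```shell
#!/bin/sh
# Added example: classic POSIX mode-bit check, using the values shown in the thread.
# posix_access MODE OWNER_UID GROUP_GID UID "GID LIST" WANT
#   MODE  nine permission characters from `ls -l`, e.g. rwxr-----
#   WANT  one of r, w, x
# Returns 0 when access is granted, 1 when denied, 2 on a bad WANT.
# Sets POSIX_CLASS to the class that was consulted (owner, group or other).
posix_access() {
    mode=$1 owner=$2 group=$3 uid=$4 gids=$5 want=$6

    # Exactly one class applies: owner first, then group, then other.
    # There is no fall-through to a more permissive class.
    POSIX_CLASS=other
    if [ "$uid" = "$owner" ]; then
        POSIX_CLASS=owner
    else
        for g in $gids; do
            if [ "$g" = "$group" ]; then POSIX_CLASS=group; break; fi
        done
    fi

    case $POSIX_CLASS in
        owner) bits=$(printf '%s' "$mode" | cut -c1-3) ;;
        group) bits=$(printf '%s' "$mode" | cut -c4-6) ;;
        other) bits=$(printf '%s' "$mode" | cut -c7-9) ;;
    esac

    case $want in
        r) pos=1 ;;
        w) pos=2 ;;
        x) pos=3 ;;
        *) return 2 ;;
    esac
    [ "$(printf '%s' "$bits" | cut -c"$pos")" != "-" ]
}

# test.txt from the thread: -rwxr----- root(0) admins(1434400000)
# john as reported by `id`: uid 1434400004, groups 1434400004 only
if posix_access rwxr----- 0 1434400000 1434400004 "1434400004" r; then
    echo "john: read granted via $POSIX_CLASS"
else
    echo "john: read denied via $POSIX_CLASS"
fi

# Constructed case: the same uid after being added to the admins group
if posix_access rwxr----- 0 1434400000 1434400004 "1434400004 1434400000" r; then
    echo "john in admins: read granted via $POSIX_CLASS"
fi
```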
