2015-01-11 16:33 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>: > On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote: > > 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi <gianluca.cec...@gmail.com>: > > > > > To get the whole root environment you have to run > > > su - root > > > did you try with it? > > > > > > > ahh... that works fine Gianluca! > > > > Final question, if I have a file on the share like: > > [john@ipaserver mountpoint]$ ll test.txt > > -rwxr-----. 1 root admins 12 11 jan 10.42 test.txt > > > > Should I be able to access it if I aquire an admin ticket? Currently I > get > > Permission denied > > > > [john@ipaserver mountpoint]$ id > > uid=1434400004(john) gid=1434400004(john) grupper=1434400004(john) > > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > > > [john@ipaserver mountpoint]$ getfacl test.txt > > # file: test.txt > > # owner: root > > # group: admins > > user::rwx > > group::r-- > > other::--- > > > > [john@ipaserver mountpoint]$ id admin > > uid=1434400000(admin) gid=1434400000(admins) groups=1434400000(admins) > > > > [john@ipaserver mountpoint]$ klist > > Ticket cache: KEYRING:persistent:1434400004:krb_ccache_MVjxTqf > > Default principal: ad...@my.lan > > > > Valid starting Expires Service principal > > 2015-01-11 10:43:52 2015-01-12 10:43:50 krbtgt/my....@my.lan > > > > [john@ipaserver mountpoint]$ cat test.txt > > cat: test.txt: Permission denied > > Looks like your account needs to be in the 'admins' group in order to > access the file. > > Acquiring the admin ticket doesn't switch the user ID nor add you to the > group.. > > I thought the krb5 mount option would allow ticked based access to the file. Is the purpose of the krb5 mount option just used during mounting of the share? Otherwise I see no difference compared to not using krb5 mount option!?
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project