2015-01-11 16:33 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>:

> On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
> > 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi <gianluca.cec...@gmail.com>:
> >
> > > To get the whole root environment you have to run
> > > su - root
> > > did you try with it?
> > >
> >
> > ahh... that works fine Gianluca!
> >
> > Final question, if I have a file on the share like:
> >      [john@ipaserver mountpoint]$ ll test.txt
> >      -rwxr-----. 1 root admins 12 11 jan 10.42 test.txt
> >
> > Should I be able to access it if I acquire an admin ticket? Currently I get
> > Permission denied
> >
> > [john@ipaserver mountpoint]$ id
> > uid=1434400004(john) gid=1434400004(john) grupper=1434400004(john)
> > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >
> > [john@ipaserver mountpoint]$ getfacl test.txt
> > # file: test.txt
> > # owner: root
> > # group: admins
> > user::rwx
> > group::r--
> > other::---
> >
> > [john@ipaserver mountpoint]$ id admin
> > uid=1434400000(admin) gid=1434400000(admins) groups=1434400000(admins)
> >
> > [john@ipaserver mountpoint]$ klist
> > Ticket cache: KEYRING:persistent:1434400004:krb_ccache_MVjxTqf
> > Default principal: ad...@my.lan
> >
> > Valid starting       Expires              Service principal
> > 2015-01-11 10:43:52  2015-01-12 10:43:50  krbtgt/my....@my.lan
> >
> > [john@ipaserver mountpoint]$ cat test.txt
> > cat: test.txt: Permission denied
>
> Looks like your account needs to be in the 'admins' group in order to
> access the file.
>
> Acquiring the admin ticket doesn't switch the user ID nor add you to the
> group.
>
>
I thought the krb5 mount option would allow ticket-based access to the
file.
Is the purpose of the krb5 mount option just used during mounting of the
share? Otherwise I see no difference compared to not using krb5 mount
option!?

-- john
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
