Here is something really weird: I have a system with 31 normal user accounts. The system is Debian sarge with the 1.3.81 packages from experimental on kernel-image-2.6.8-2-686. In /etc/group, I usually add all of these users to the floppy, cdrom, video and audio groups. I had some strange issues with CD burning as non-root users which seem to be related to the openafs kernel module.

Here is what happens: when I add those 31 users _only_ to the audio and cdrom groups, the following thing will work just fine:

weissmies:~# cat /tmp/testsh
#!/bin/sh
echo "Hello world!"
weissmies:~# ls -l /tmp/testsh
-rwxr-x--- 1 root cdrom 30 May 10 14:19 /tmp/testsh
weissmies:~# ls -ln /tmp/testsh
-rwxr-x--- 1 0 24 30 May 10 14:19 /tmp/testsh
weissmies:~# /tmp/testsh
Hello world!
weissmies:~# logout
Connection to weissmies closed.
[EMAIL PROTECTED]:~$ id -G
277 34050 41333 24 29
[EMAIL PROTECTED]:~$ /tmp/testsh
Hello world!

So the executable belongs to the cdrom group and is suid root. User christia belongs to that group (numeric gid 24). The permissions are exactly those of the cdrecord binary on my system - this is how I originally noticed there was a problem.

However, if I add those 31 users to one other group (say, the floppy group), running the small script will fail with

[EMAIL PROTECTED]:~$ /tmp/testsh
bash: /tmp/testsh: Permission denied

If I do not load the openafs module at boot, I do not have these problems. Only after the module is loaded and the user logs out and in again, I start seeing these issues. I also do not see this problem at all with the same packages and kernel-image-2.4.27-2-686. So I assume this has to do with the setgroups hook for PAGs in the 2.6 code.

I also noticed that it does not seem to matter how many users I put into one of these groups. For the problem to occur, it is sufficient for that one user to be a member of more than two of those additional groups.

Maybe somebody can comment...

Best regards,
Christian

PS: In fact, the group entries come from LDAP, but I have verified that the behaviour is exactly the same if I use local entries in /etc/group.
