Re: Group permissions are broken?

2011-08-16 Thread Ruben de Groot
On Mon, Aug 15, 2011 at 05:39:31PM -0700, Yuri typed:
 On 08/15/2011 13:10, Dan Nelson wrote:
 As a sanity check, what is the output of the groups command?  If you
 recently edited /etc/group, maybe you need to log out and back in to a
 credential with the new group list?
 
 Reboot cured the problem.

Reboot is a very rigourous way to log out and back in again. You should
have tried that first.

 Is this because some other command should be run to enable /etc/group 
 changes?

No. Just loggin out and back in

 Is it cached somewhere?

No

Ruben
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Chuck Swiger
Hi--

On Aug 15, 2011, at 1:06 PM, Yuri wrote:
 Why does this error occur? Two groups seem identical. Just different group 
 ids.
 
 Filesystem is UFS: /dev/ad10s1a on / (ufs, NFS exported, local)

How many groups is user john in?
There's a limit of MAXGROUPS = 16.

Regards,
-- 
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Dan Nelson
In the last episode (Aug 15), Yuri said:
 User john is a member of both webcamd and vboxusers:
 # grep john /etc/group
 webcamd:*:145:john
 vboxusers:*:920:john
 
 When the file /tmp/my-test is owned by webcamd, user john can touch it ok:
 $ ls -l /tmp/my-test ; touch  /tmp/my-test
 -rw-rw  1 vboxusers  vboxusers  0 Aug 15 12:54 /tmp/my-test
 
 But when /tmp/my-test is owned by webcamd, user john gets an error:
 $ ls -l /tmp/my-test ; touch  /tmp/my-test
 -rw-rw  1 webcamd  webcamd  0 Aug 15 13:02 /tmp/my-test
 touch: /tmp/my-test: Permission denied
 
 Why does this error occur? Two groups seem identical. Just different group
 ids.

 Filesystem is UFS: /dev/ad10s1a on / (ufs, NFS exported, local)

As a sanity check, what is the output of the groups command?  If you
recently edited /etc/group, maybe you need to log out and back in to a
credential with the new group list?

-- 
Dan Nelson
dnel...@allantgroup.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Yuri

On 08/15/2011 13:09, Chuck Swiger wrote:

How many groups is user john in?
There's a limit of MAXGROUPS = 16.




john is a member of only 3 groups, users, webcamd and vboxusers.

Yuri
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Michael Sierchio
On Mon, Aug 15, 2011 at 1:06 PM, Yuri y...@rawbw.com wrote:
 User john is a member of both webcamd and vboxusers:
 # grep john /etc/group
 webcamd:*:145:john
 vboxusers:*:920:john

 When the file /tmp/my-test is owned by webcamd, user john can touch it ok:
 $ ls -l /tmp/my-test ; touch  /tmp/my-test
 -rw-rw  1 vboxusers  vboxusers  0 Aug 15 12:54 /tmp/my-test

 But when /tmp/my-test is owned by webcamd, user john gets an error:
 $ ls -l /tmp/my-test ; touch  /tmp/my-test
 -rw-rw  1 webcamd  webcamd  0 Aug 15 13:02 /tmp/my-test
 touch: /tmp/my-test: Permission denied

 Why does this error occur? Two groups seem identical. Just different group
 ids.

/tmp has the sticky bit set.  man 8 sticky
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Yuri

On 08/15/2011 13:10, Dan Nelson wrote:

As a sanity check, what is the output of the groups command?  If you
recently edited /etc/group, maybe you need to log out and back in to a
credential with the new group list?

$ groups john
users webcamd vboxusers
$ touch /tmp/my-test
touch: /tmp/my-test: Permission denied
$ ls -l /tmp/my-test
-rw-rw  1 webcamd  webcamd  0 Aug 15 13:02 /tmp/my-test

Puzzle.

Yuri
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Yuri

On 08/15/2011 13:10, Dan Nelson wrote:

As a sanity check, what is the output of the groups command?  If you
recently edited /etc/group, maybe you need to log out and back in to a
credential with the new group list?


Reboot cured the problem.
Is this because some other command should be run to enable /etc/group 
changes?

Is it cached somewhere?

Yuri
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread perryh
Michael Sierchio ku...@tenebras.com wrote:
 On Mon, Aug 15, 2011 at 1:06 PM, Yuri y...@rawbw.com wrote:
  User john is a member of both webcamd and vboxusers:
  # grep john /etc/group
  webcamd:*:145:john
  vboxusers:*:920:john
 
  When the file /tmp/my-test is owned by webcamd, user john can
  touch it ok:
  $ ls -l /tmp/my-test ; touch ?/tmp/my-test
  -rw-rw ?1 vboxusers ?vboxusers ?0 Aug 15 12:54 /tmp/my-test
 
  But when /tmp/my-test is owned by webcamd, user john gets an
  error:
  $ ls -l /tmp/my-test ; touch ?/tmp/my-test
  -rw-rw ?1 webcamd ?webcamd ?0 Aug 15 13:02 /tmp/my-test
  touch: /tmp/my-test: Permission denied
 
  Why does this error occur? Two groups seem identical. Just
  different group ids.

 /tmp has the sticky bit set.  man 8 sticky

On my 8.1 system, sticky(8) says:

  A directory whose `sticky bit' is set becomes ... a directory in
  which the _deletion_ of files is restricted.  A file in a sticky
  directory may only be _removed_ or _renamed_ if ...

[emphasis added]

Nothing there about the sticky bit changing the permissions required
to _overwrite_ a file, which is the subject of the current inquiry.

Even if the sticky bit _did_ have some effect on overwriting a file,
how would that explain the _different_ behavior of the two cases shown?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Group permissions are broken?

2011-08-15 Thread Yuri

On 08/16/2011 01:32, per...@pluto.rain.com wrote:

On my 8.1 system, sticky(8) says:

   A directory whose `sticky bit' is set becomes ... a directory in
   which the_deletion_  of files is restricted.  A file in a sticky
   directory may only be_removed_  or_renamed_  if ...

[emphasis added]

Nothing there about the sticky bit changing the permissions required
to_overwrite_  a file, which is the subject of the current inquiry.

Even if the sticky bit_did_  have some effect on overwriting a file,
how would that explain the_different_  behavior of the two cases shown?


Actually, sticky has nothing to do with this. I originally spotted the 
problem on one device under /dev/ and later just made an example under 
tmp. Same behavior was for any other directory.

I still can't get why this happened.

Yuri
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org