That is the tricky part. "id $problem_user" returns old group membership if being run from the user's own terminal and session. It returns correct membership if being run from a different user's terminal "newgrp $new_group" works always (does not ask for a password) regardless of the terminal. But having to run newgrp all the time is bit obstacle. They need to see the correct group memberhip immediately in order to access NFS shares.
Ondrej -----Original Message----- From: Lukas Slebodnik [mailto:[email protected]] Sent: 10 February 2016 08:43 To: End-user discussions about the System Security Services Daemon <[email protected]> Subject: [SSSD-users] Re: user group mebmership On (09/02/16 12:02), Ondrej Valousek wrote: >Hi List, > >Just a strange cache-like issue. When I add user to a certain group, he does >not see his group membership updated (via 'id -a') until he closes his X >session (+ all processes terminated) and starts a fresh new one. id $current_user should return right results IIRC. >Probably not directly related to SSSD as I can see his groups updated in a >matter of minutes. >Is there anything we could do to address this? Sometimes even starting new >shell does not help - it is bit frustrating having to start a complete new >session. > Following manula page should help you. man 1 newgrp Small example https://developer.fedoraproject.org/tools/vagrant/vagrant-libvirt.html#using-libvirt-from-vagrant-without-password-prompts LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: [email protected]. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
