On Wed, Feb 10, 2016 at 08:49:55AM +0000, Ondrej Valousek wrote: > That is the tricky part. > "id $problem_user" returns old group membership if being run from the user's > own terminal and session. It returns correct membership if being run from a > different user's terminal > "newgrp $new_group" works always (does not ask for a password) regardless of > the terminal. But having to run newgrp all the time is bit obstacle. They > need to see the correct group memberhip immediately in order to access NFS > shares.
Maybe this paragraph from the id info page helps: """ Primary and supplementary groups for a process are normally inherited from its parent and are usually unchanged since login. This means that if you change the group database after logging in, ‘id’ will not reflect your changes within your existing login session. Running ‘id’ with a user argument causes the user and group database to be consulted afresh, and so will give a different result. """ I guess 'with a user argument' really means for a different user because as already said with the current user name id will shortcut to list only the group memberships of the current session. bye Sumit > > Ondrej > > -----Original Message----- > From: Lukas Slebodnik [mailto:[email protected]] > Sent: 10 February 2016 08:43 > To: End-user discussions about the System Security Services Daemon > <[email protected]> > Subject: [SSSD-users] Re: user group mebmership > > On (09/02/16 12:02), Ondrej Valousek wrote: > >Hi List, > > > >Just a strange cache-like issue. When I add user to a certain group, he does > >not see his group membership updated (via 'id -a') until he closes his X > >session (+ all processes terminated) and starts a fresh new one. > > id $current_user should return right results IIRC. > > >Probably not directly related to SSSD as I can see his groups updated in a > >matter of minutes. > >Is there anything we could do to address this? Sometimes even starting new > >shell does not help - it is bit frustrating having to start a complete new > >session. > > > Following manula page should help you. > man 1 newgrp > > Small example > https://developer.fedoraproject.org/tools/vagrant/vagrant-libvirt.html#using-libvirt-from-vagrant-without-password-prompts > > LS > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] > > ----- > > The information contained in this e-mail and in any attachments is > confidential and is designated solely for the attention of the intended > recipient(s). If you are not an intended recipient, you must not use, > disclose, copy, distribute or retain this e-mail or any part thereof. If you > have received this e-mail in error, please notify the sender by return e-mail > and delete all copies of this e-mail from your computer system(s). Please > direct any additional queries to: [email protected]. Thank You. > Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. > 378073. Registered Office: South County Business Park, Leopardstown, Dublin > 18. > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
