Hi,

I was hoping someone on this list might be able to help.
I'm getting permission denied when trying to access a directory owned by root, 
but with group that I'm a member of.
I'm getting:  -bash: cd: testdir: Permission denied

I have the following scenario:
Running CentOS Linux release 7.6.1810 and sssd 1.16.5

I have a mount set up /data/testdir
As root, I chown/chmod testdir:
   chown root:testgrpa testdir
   chmod 770 testdir

When I log in as user1, I currently can't cd into /data/testdir
It gives:
-bash: cd: testdir: Permission denied

user1 is a member of testgrpa:
OUTPUT of id user1:
    uid=129371342(user1) gid=129371342(user1) groups=129371342(user1),29042750285(group1),1435459822(group2),3456349245(group3),......,239705249(testgrpa)

OUTPUT of getent group testgrpa:
     testgrpa:*: 239705249:user1,user2,user2,user4,.....,user50


CONTENTS OF sssd.conf:
[sssd]
config_file_version = 2
services = nss,pam
domains = dept.domain.com

[nss]
filter_users = root
filter_groups = root

[pam]

[domain/dept.domai.com]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_use_tokengroups = false

enumerate = false
cache_credentials = True
case_sensitive = false
ignore_group_members = false
auto_private_groups = true

ldap_schema = ad

ldap_uri = ldaps://ldapsserver.dept.domain.com:636
ldap_user_search_base = dc=ad,dc=dept,dc=domain,dc=com
ldap_group_search_base = OU=Security Groups,OU=Groups,dc=ad,dc=dept,dc=domain,dc=com?sub?(|(cn=domain users)(cn=testgrpa))
ldap_referrals = False
ldap_group_nesting_level = 3

ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/sssd

ldap_use_tokengroups = True
ldap_id_mapping = True

override_homedir = /mnt/exports/shared/home/%u
fallback_homedir = /shared/home/%u

default_shell = /bin/bash

ldap_access_order = filter, expire
ldap_account_expire_policy = ad
ldap_access_filter = (|(memberOf=cn=testgrpa,OU=Security Groups,OU=Groups,DC=ad,DC=dept,DC=domain,DC=com))

ldap_default_bind_dn = <service account>
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = <authtok>


Thanks,

Paul T
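An added diagnostic for the situation described above (example code, not part of the original post or of sssd): the kernel checks directory access against the supplementary group list the session received at login, while `id user1` asks NSS/sssd for the account's groups right now, so the two can disagree. The script compares both lists against the directory's owner, group and mode; the directory path, and the sample uid/gid values in the test, are constructed from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Decides whether a caller may
# enter a directory from its mode and ownership, then compares the group
# list of the running session (id -G) with what NSS returns for the same
# account (id -G user) to tell a stale login session from a lookup problem.

# gid_in_list GID "GID GID ..." -> success if GID appears in the list
gid_in_list() {
    want=$1
    for g in $2; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# dir_traversable MODE_OCTAL OWNER_UID GROUP_GID CALLER_UID "CALLER_GIDS..."
# Mirrors the kernel rule: owner bits if the uid matches, otherwise group
# bits if the directory gid is in the caller's list, otherwise other bits.
# Entering a directory needs the execute (search) bit of the chosen triplet.
dir_traversable() {
    mode=$1; owner=$2; group=$3; uid=$4; gids=$5
    if [ "$uid" = "$owner" ]; then
        bits=$(( (0$mode >> 6) & 7 ))
    elif gid_in_list "$group" "$gids"; then
        bits=$(( (0$mode >> 3) & 7 ))
    else
        bits=$(( 0$mode & 7 ))
    fi
    [ $(( bits & 1 )) -eq 1 ]
}

# check_dir DIR: live comparison, run as the affected user (GNU stat assumed).
check_dir() {
    dir=$1
    mode=$(stat -c %a "$dir"); owner=$(stat -c %u "$dir"); group=$(stat -c %g "$dir")
    session_gids=$(id -G)            # groups the kernel uses for this shell
    nss_gids=$(id -G "$(id -un)")    # groups sssd/NSS reports right now
    echo "dir $dir mode $mode owner $owner group $group"
    echo "session gids: $session_gids"
    echo "nss gids:     $nss_gids"
    if dir_traversable "$mode" "$owner" "$group" "$(id -u)" "$session_gids"; then
        echo "this session can enter $dir"
    elif dir_traversable "$mode" "$owner" "$group" "$(id -u)" "$nss_gids"; then
        echo "NSS grants $dir but the session lacks the group: membership was added after login, start a new session"
    else
        echo "neither the session nor NSS membership grants access: check how sssd resolves the group"
    fi
}

if [ "$#" -gt 0 ]; then check_dir "$1"; fi   # e.g. ./check.sh /data/testdir
```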

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org