UNCLASSIFIED Hi all,
I'll put in my 2c for debugging this issue: 1. It could be a typo in his group memebership. If the delimeter that someone has typed is a strange unprintable character, then perhaps the group utilities are not robust enough to continue to show the list. Suggest delete him from all groups and re-add him again. 2. permissions are wrong on the group table for him. Try getting him to change his password and see if any permission denied messages show up. I've seen this on our NIS+ tables when we used to run NIS+. 3. group limit. He might be more than 16 groups. Doubtful for this issue, but it's on my debug list. 4. local groups interferring with LDAP groups. I just checked myself, and I'm in group wheel (0) in LDAP, but it shows up as root with id -a (I run solaris). Something might be confused here. And it's interesting that the next entry in your list is wheel. Perhaps remove him from the wheel group and place the group last on the list if you can. We use this trick for the group limit. Greg. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Patrick Cable Sent: Thursday, 30 June 2011 1:04 AM To: LOPSA Technical Discussions Subject: [lopsa-tech] Unix Group Weirdness This one's probably pretty simple -- but the exact phrase to google for is, well, elusive to me. So, when I 'su' or 'su -' to a user's account, all his groups show up. [root@user ~]# su - juser user:/home/juser> groups stapusr wheel p2218808 p10022 pdk dfpa_general p1418 qds But apparently, when the user logs in, he only sees his primary group (which linux sees as stapusr but whatever) user:/home/juser> groups stapusr This is on RHEL5.5 and using gnome-terminal. Groups and users are on LDAP - getent group shows correct group access, etc. I turned NSCD off just to make sure it wasnt a broken cache. His gnome-terminal profile is configured to use his shell as a login shell. What obvious simple thing am I missing here? _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/ IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email. _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
