2009-08-05 15:11:56 |
Odin Hørthe Omdal |
description |
I'm using LDAP for groups and NFS for home dirs. My problem is as follows:
I only have a few groups, so it's not the problem everyone else had. When I've mounted a disk over NFS, I need to have my primary group in order to read in the groups I'm a member of. Secondary groups are not working.
Code:
root@machine:/home/user# smbldap-groupshow secret
...
gidNumber: 1504
displayName: secret
memberUid: user,anotheruser
root@machine:/home/user# su - user
user@machine:~$ groups
users secret
user@machine:~$ ls -ald ../secret/
drwxr-x--- 12 anotheruser secret 4096 2009-07-27 15:39 ../secret/
user@machine:~$ cd ../secret/
bash: cd: ../secret/: Permission denied
user@machine:~$ ls ../secret/
ls: cannot open directory ../secret/: Permission denied
But it works if I change the group to primary by hand with newgrp:
Code:
user@machine:~$ newgrp secret
user@machine:~$ cd ../secret/
user@machine:/home/secret$ ls
Nice secrets.txt
But my users cannot be expected to do this!
The server where the real files are held (the NFS server) does not know anything about users. And it shouldn't; its only job is to export files via NFS and do backups.
Description: Ubuntu karmic (development branch)
Release: 9.10
I'm truly brushed off my feet, I didn't know our server ran karmic (!!!), I don't know what the other sysadmin was thinking. Anyway, it may very well be related to that. |
I've tested this on clients: 9.10 Karmic, 9.04 Jaunty, 8.10 Intrepid
The NFS server is running: 9.04 Jaunty.