User liesl is in NIS group aimsadmrw, but shed does not get permissions with normal login. However after either ssh localhost or su - liesl she does have the necessary group permissions.
On lucid 64bit, LDAP client for passwords, NIS client for groups, NFS/autofs mounted /home. ii nis 3.17-31 clients and daemons for the Network Informat li...@muizenberg:~$ grep 192 /etc/yp.conf ypserver 192.168.42.2 li...@muizenberg:~$ grep nis /etc/nsswitch.conf group: compat nis netgroup: nis li...@muizenberg:~$ grep liesl /etc/security/group.conf * ;:0 ;liesl ;Al0000-2400 ;aimsadmr,aimsadmrw li...@muizenberg:~$ grep group /etc/pam.d/*|grep -v \# /etc/pam.d/common-auth:auth optional pam_group.so /etc/pam.d/gdm:auth sufficient pam_succeed_if.so user ingroup nopasswdlogin /etc/pam.d/gdm:auth optional pam_group.so /etc/pam.d/login:auth optional pam_group.so li...@muizenberg:~$ tail -1 /etc/group +::: li...@muizenberg:~$ ypcat group|grep aims aimsadmr:x:20003:jan,lynne,ike,fjwh,gudrun,aeeda,barrie,liesl,bwg,asharma aimsadrw2:x:20005:lynne,aeeda aimsadmrw:x:20004:liesl,aeeda # <-- liesl in group in question. aimsr:x:900:jan,lynne,ike,fjwh,gudrun,aeeda,bwg,asharma NOTE GROUP PERMISSIONS IN STRAIGHT GDM LOGIN FAILS; BUT AFTER SSH IT WORKS; AFTER SU - USER IT WORKS! li...@seychelles:/var/autofs/misc/home/liesl$ groups # WHY DOES IT SHOW SO MANY COPIES? staff2009 adm adm cdrom cdrom floppy floppy audio audio video video plugdev plugdev aimsadmr aimsadmr aimsadmr aimsadmrw aimsadmrw aimsadmrw li...@seychelles:/var/autofs/misc/home/liesl$ id uid=1498(liesl) gid=509(staff2009) groups=4(adm),4(adm),24(cdrom),24(cdrom),25(floppy),25(floppy),29(audio),29(audio),44(video),44(video),46(plugdev),46(plugdev),509(staff2009),20003(aimsadmr),20003(aimsadmr),20003(aimsadmr),20004(aimsadmrw),20004(aimsadmrw),20004(aimsadmrw) li...@seychelles:/var/autofs/misc/home/liesl$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': Permission denied # ARGH li...@seychelles:/var/autofs/misc/home/liesl$ ssh li...@localhost # VIA SSH li...@localhost's password: Linux seychelles 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 05:14:15 UTC 2010 x86_64 GNU/Linux Ubuntu 10.04.1 LTS li...@seychelles:~$ groups staff2009 aimsadmr aimsadmrw li...@seychelles:~$ id uid=1498(liesl) gid=509(staff2009) groups=509(staff2009),20003(aimsadmr),20004(aimsadmrw) li...@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/ li...@seychelles:~$ logout Connection to localhost closed. li...@seychelles:/var/autofs/misc/home/liesl$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # :\ touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': Permission denied li...@seychelles:/var/autofs/misc/home/liesl$ su - liesl Password: li...@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/ li...@seychelles:~$ wtf? Probably unrelated but mentioned here for completeness. I thought adding these were unecessary, plus they do not fix the problem: auth optional pam_group.so# to gdm-autologin session optional pam_group.so #to common-session account optional pam_group.so # to common-account Also, in /var/log/kern.log this is apparently a harmless error: svc: failed to register lockdv1 RPC service (errno 97). can be solved by booting with kernel option ipv6.disable=1 and that does not fix it either. Strace and ltrace does not show much information I can recognize besides permission denied. Also nscd is installed but stopped for above testing. Also the new LDAP client libs are used, libpam-ldapd and not libpam- ldap, so nslcd is installed. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
