User liesl is in NIS group aimsadmrw, but shed does not get permissions with 
normal
login. However after either ssh localhost or su - liesl she does have the 
necessary group
permissions.

On lucid 64bit, LDAP client for passwords, NIS client for groups, NFS/autofs 
mounted /home.
ii  nis            3.17-31        clients and daemons for the Network Informat

li...@muizenberg:~$ grep 192 /etc/yp.conf 
ypserver 192.168.42.2
li...@muizenberg:~$ grep nis /etc/nsswitch.conf 
group:          compat nis
netgroup:       nis
li...@muizenberg:~$ grep liesl /etc/security/group.conf 
* ;:0 ;liesl ;Al0000-2400 ;aimsadmr,aimsadmrw
li...@muizenberg:~$ grep group /etc/pam.d/*|grep -v \#
/etc/pam.d/common-auth:auth    optional        pam_group.so
/etc/pam.d/gdm:auth    sufficient      pam_succeed_if.so user ingroup 
nopasswdlogin
/etc/pam.d/gdm:auth optional pam_group.so
/etc/pam.d/login:auth       optional   pam_group.so
li...@muizenberg:~$ tail -1 /etc/group
+:::
li...@muizenberg:~$ ypcat group|grep aims
aimsadmr:x:20003:jan,lynne,ike,fjwh,gudrun,aeeda,barrie,liesl,bwg,asharma
aimsadrw2:x:20005:lynne,aeeda
aimsadmrw:x:20004:liesl,aeeda # <-- liesl in group in question.
aimsr:x:900:jan,lynne,ike,fjwh,gudrun,aeeda,bwg,asharma

NOTE GROUP PERMISSIONS IN STRAIGHT GDM LOGIN FAILS; BUT AFTER SSH IT
WORKS; AFTER SU - USER IT WORKS!

li...@seychelles:/var/autofs/misc/home/liesl$ groups # WHY DOES IT SHOW SO MANY 
COPIES?
staff2009 adm adm cdrom cdrom floppy floppy audio audio video video plugdev 
plugdev aimsadmr aimsadmr aimsadmr aimsadmrw aimsadmrw aimsadmrw
li...@seychelles:/var/autofs/misc/home/liesl$ id
uid=1498(liesl) gid=509(staff2009) 
groups=4(adm),4(adm),24(cdrom),24(cdrom),25(floppy),25(floppy),29(audio),29(audio),44(video),44(video),46(plugdev),46(plugdev),509(staff2009),20003(aimsadmr),20003(aimsadmr),20003(aimsadmr),20004(aimsadmrw),20004(aimsadmrw),20004(aimsadmrw)
li...@seychelles:/var/autofs/misc/home/liesl$ touch 
/home/aeeda/Desktop/Visitors_Overview_2007.ods
touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': 
Permission denied # ARGH
li...@seychelles:/var/autofs/misc/home/liesl$ ssh li...@localhost # VIA SSH
li...@localhost's password: 
Linux seychelles 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 05:14:15 UTC 2010 
x86_64 GNU/Linux
Ubuntu 10.04.1 LTS
li...@seychelles:~$ groups 
staff2009 aimsadmr aimsadmrw
li...@seychelles:~$ id
uid=1498(liesl) gid=509(staff2009) 
groups=509(staff2009),20003(aimsadmr),20004(aimsadmrw)
li...@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/
li...@seychelles:~$ logout
Connection to localhost closed.
li...@seychelles:/var/autofs/misc/home/liesl$ touch 
/home/aeeda/Desktop/Visitors_Overview_2007.ods # :\
touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': 
Permission denied 
li...@seychelles:/var/autofs/misc/home/liesl$ su - liesl
Password: 
li...@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/
li...@seychelles:~$ 

wtf?

Probably unrelated but mentioned here for completeness.

I thought adding these were unecessary, plus they do not fix the problem:
auth    optional        pam_group.so# to gdm-autologin 
session optional pam_group.so #to common-session
account optional pam_group.so # to common-account

Also, in /var/log/kern.log this is apparently a harmless error:
svc: failed to register lockdv1 RPC service (errno 97).
can be solved by booting with kernel option ipv6.disable=1 
and that does not fix it either.

Strace and ltrace does not show much information I can recognize besides
permission denied.

Also nscd is installed but stopped for above testing.

Also the new LDAP client libs are used, libpam-ldapd and not libpam-
ldap, so nslcd is installed.

-- 
gdm does not obey NIS settings for user groups
https://bugs.launchpad.net/bugs/553142
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to