
Re: id gives conflicting results



>>>>> "Juha" == Juha Jäykkä <juhaj@iki.fi> writes:

    Juha> Now, what I am concerned about is this. I am logged in as
    Juha> user "juhaj" and

    Juha> ~> id
    Juha> uid=1000(juhaj) gid=1000(juhaj)
    Juha> groups=33731,37810,4(adm),4(adm),24(cdrom),24(cdrom),29(audio),29(audio),40(src),40(src),44(video),1000(juhaj),33731,37809

    Juha> ~> id juhaj
    Juha> uid=1000(juhaj) gid=1000(juhaj)
    Juha> groups=1000(juhaj),4(adm),24(cdrom),29(audio),40(src),44(video)

    Juha> These are different, why? According to man id "id" and "id
    Juha> <currently logged on user>" are the same.


Hello,

I don't know if this is your problem or not, but the above are *not*
the same. Maybe the documentation is misleading...

The first one shows the groups that are assigned to the current
process, the second one shows the default list of groups the user will
get when logging in again.

If you change the /etc/group and change the groups a user is in, these
changes will not take effect ("id") until the user logs out and back
in again, but will show up immediately with "id username".

Similarly, it is possible to assign a process to a group even though
the user normally wouldn't have access to the group.

    Juha> The other command sees four strange groups > 30000 - those
    Juha> are related to openafs kernel tokens and thus are not "real"
    Juha> groups.

That is normal for AFS. Normally I believe AFS only uses two groups
though, something strange here.

    Juha> The first command, however, sees some groups twice and even
    Juha> in a different order. Can the groups seen twice be a result
    Juha> of juhaj being a member of these groups both in LDAP and in
    Juha> /etc/group?

I am not convinced it is a good idea to define the group both on the
system and in LDAP. I prefer to keep low level system groups in
/etc/group and high level user groups in LDAP.

However, I don't think this is your issue, otherwise I would expect to
see duplicate groups from the "id username" version too.

    Juha> Can this be related to the not-able-to-access-cdrom problem
    Juha> and is this a bug?

No idea here. "id" seems to indicate you are in the cdrom group...

Try bypassing the AFS login stuff (if possible) and see if it changes
anything.
-- 
Brian May <bam@debian.org>
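
The difference described in this reply, as an added example that is not part of the original message: the script parses the two `id` outputs quoted above and reports which GIDs exist only on the running process, which exist only in the group database, and which are listed twice. The function names are assumptions of this example; `live()` runs the same comparison on the current process using `os.getgroups()` (what `id` shows) and `os.getgrouplist()` (what `id username` shows).

```python
import os
from collections import Counter

# The two outputs quoted in the thread (copied from the post).
ID_PROCESS = ("uid=1000(juhaj) gid=1000(juhaj)\n"
              "groups=33731,37810,4(adm),4(adm),24(cdrom),24(cdrom),29(audio),"
              "29(audio),40(src),40(src),44(video),1000(juhaj),33731,37809")
ID_DATABASE = ("uid=1000(juhaj) gid=1000(juhaj)\n"
               "groups=1000(juhaj),4(adm),24(cdrom),29(audio),40(src),44(video)")


def parse_id_groups(id_output):
    """Return the GIDs of the groups= field of id(1) output, in order."""
    for field in id_output.split():
        if field.startswith("groups="):
            items = field[len("groups="):].split(",")
            # Each item is "GID" or "GID(name)"; unnamed GIDs have no entry
            # in the group database (here: the AFS token groups).
            return [int(item.split("(", 1)[0]) for item in items if item]
    return []


def compare(process_gids, db_gids):
    """Diff the credentials of a process against the group database."""
    counts = Counter(process_gids)
    return {
        # Listed more than once in the process credentials.
        "duplicates": sorted(g for g, n in counts.items() if n > 1),
        # Held by the process but not granted by /etc/group, LDAP, etc.
        "process_only": sorted(set(process_gids) - set(db_gids)),
        # Granted by the database but not yet picked up (needs a new login).
        "db_only": sorted(set(db_gids) - set(process_gids)),
    }


def live():
    """Same comparison for the process running this script (Unix only)."""
    import pwd
    user = pwd.getpwuid(os.getuid())
    return compare(os.getgroups(),
                   os.getgrouplist(user.pw_name, user.pw_gid))


if __name__ == "__main__":
    print("from the post:",
          compare(parse_id_groups(ID_PROCESS), parse_id_groups(ID_DATABASE)))
    print("this process: ", live())
```

A non-empty `db_only` means the session predates a group change; a non-empty `process_only` means the process carries groups that the account's database entries do not grant.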


