Hi!
I was digging around a problem with a user not being able to access his
cdrom even though the user belongs to group cdrom (as reported by "groups
user") and the cdrom device is mode rw- group cdrom. It was immediately
clear this is a libnss-ldap issue, since the problem disappears if I add
the user to local (i.e. /etc/group) cdrom group and remove ldap from
group-line in /etc/nsswitch.conf.
Now, what I am concerned about is this. I am logged in as user "juhaj" and
~> id
uid=1000(juhaj) gid=1000(juhaj) groups=33731,37810,4(adm),4(adm),24(cdrom),24(cdrom),29(audio),29(audio),40(src),40(src),44(video),1000(juhaj),33731,37809
~> id juhaj
uid=1000(juhaj) gid=1000(juhaj) groups=1000(juhaj),4(adm),24(cdrom),29(audio),40(src),44(video)
These are different, why? According to man id, "id" and "id
<currently logged on user>" are the same. The other command sees four
strange groups > 30000 - those are related to openafs kernel tokens and
thus are not "real" groups. The first command, however, sees some groups
twice and even in a different order. Can the groups seen twice be a
result of juhaj being a member of these groups both in LDAP and
in /etc/group?
The name service is configured as (I know [SUCCESS=return] is the default,
but having been hit by changing defaults more times than I can count, I
always explicitly mention those defaults that I depend on.)
passwd: ldap [SUCCESS=return] compat
group: ldap [SUCCESS=return] compat
Can this be related to the not-able-to-access-cdrom problem and is this a
bug?
Cheers,
Juha
--
-----------------------------------------------
| Juha Jäykkä, juolja@utu.fi |
| Laboratory of Theoretical Physics |
| Department of Physics, University of Turku |
| home: http://www.utu.fi/~juolja/ |
-----------------------------------------------
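
The two `id` invocations in the message read different sources: without an argument, `id` prints the supplementary groups the calling process already holds, while `id juhaj` looks the user up through the name service (here LDAP, then compat). As an added example, not part of the original message, this Python script compares the two lists; `compare_group_lists` and `live_group_lists` are names chosen here, and the sample lists are constructed from the output quoted in the message.

```python
import os
import pwd
from collections import Counter

# Constructed from the two `id` outputs quoted in the message.
SAMPLE_PROCESS = [33731, 37810, 4, 4, 24, 24, 29, 29, 40, 40, 44, 1000, 33731, 37809]
SAMPLE_NSS = [1000, 4, 24, 29, 40, 44]


def compare_group_lists(process_gids, nss_gids):
    """Compare the groups a process holds with the groups the name service reports."""
    counts = Counter(process_gids)
    return {
        # Same gid set more than once at login (e.g. found in two NSS sources).
        "duplicated": sorted(g for g, n in counts.items() if n > 1),
        # Held by the process but unknown to NSS (e.g. added by a session module).
        "process_only": sorted(set(process_gids) - set(nss_gids)),
        # Reported by NSS but missing from the process: access checks on
        # group-owned devices will fail for these until a new login.
        "nss_only": sorted(set(nss_gids) - set(process_gids)),
    }


def live_group_lists():
    """Return (process_gids, nss_gids) for the calling process.

    nss_gids is None when the uid has no passwd entry.
    """
    process_gids = os.getgroups()            # kernel-held list, as plain `id` shows
    if os.getegid() not in process_gids:     # `id` also counts the effective gid
        process_gids.append(os.getegid())
    try:
        entry = pwd.getpwuid(os.getuid())
    except KeyError:
        return process_gids, None
    # Same lookup `id <user>` performs: walks the "group:" line of nsswitch.conf.
    return process_gids, os.getgrouplist(entry.pw_name, entry.pw_gid)


if __name__ == "__main__":
    print("sample from the message:", compare_group_lists(SAMPLE_PROCESS, SAMPLE_NSS))
    proc, nss = live_group_lists()
    if nss is None:
        print("no passwd entry for uid", os.getuid())
    else:
        print("this process:", compare_group_lists(proc, nss))
```

A non-empty `nss_only` list is the case that matters for device access: the kernel checks the process's own list, not what the name service would return now.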