[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: id gives conflicting results

Juha Jäykkä <juhaj@iki.fi> writes:

> I was digging around a problem with a user not being able to access his
> cdrom even though the user belongs to group cdrom (as reported by
> "groups user") and the cdrom device is mode rw- group cdrom. It was
> immediately clear this is a libnss-ldap issue, since the problem
> disappears if I add the user to local (i.e. /etc/group) cdrom group and
> remove ldap from group-line in /etc/nsswitch.conf.

> Now, what I am concerned about is this. I am logged in as user "juhaj"
> and

> ~> id
> uid=1000(juhaj) gid=1000(juhaj)
> groups=33731,37810,4(adm),4(adm),24(cdrom),24(cdrom),29(audio),29(audio),40(src),40(src),44(video),1000(juhaj),33731,37809

> ~> id juhaj
> uid=1000(juhaj) gid=1000(juhaj)
> groups=1000(juhaj),4(adm),24(cdrom),29(audio),40(src),44(video)

> These are different, why? According to man id "id" and "id
> <currently logged on user>" are the same. The other command sees four
> strange groups > 30000 - those are related to openafs kernel tokens and
> thus are not "real" groups.

I wonder if the weird AFS PAG hack is corrupting the process group list in
some way.  It would be the first time I'd heard of that problem if so, but
the output does indeed look rather suspicious and AFS fiddles with the
group list (it won't as soon as the integration with the kernel keyring is
finished, since Linux *finally* provides native functionality that can
replace this technique).

Have you already reported this one to the OpenAFS lists with your kernel
version and where you got the kernel packages from?

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: