Re: id gives conflicting results

Fri, 19 May 2006 19:52:23 -0700 

>>>>> "Juha" == Juha Jäykkä <[EMAIL PROTECTED]> writes:

    Juha> Now, what I am concerned about is this. I am logged in as
    Juha> user "juhaj" and

    Juha> ~> id
    Juha> uid=1000(juhaj) gid=1000(juhaj)
    Juha> 
groups=33731,37810,4(adm),4(adm),24(cdrom),24(cdrom),29(audio),29(audio),40(src),40(src),44(video),1000(juhaj),33731,37809

    Juha> ~> id juhaj
    Juha> uid=1000(juhaj) gid=1000(juhaj)
    Juha> groups=1000(juhaj),4(adm),24(cdrom),29(audio),40(src),44(video)

    Juha> These are different, why? According to man id "id" and "id
    Juha> <currently logged on user>" are the same.


Hello,

I don't know if this is your problem or not, but the above are *not*
the same. Maybe the documentation is misleading...

The first one shows the groups that are assigned to the current
process, the second one shows the default list of groups the user will
get when logging in again.

If you change the /etc/group and change the groups a user is in, these
changes will not take affect ("id") until the user logs out and back
in again, but will show up immediately with "id username".

Similarly, it is possible to assign a process to a group even though
the user normally wouldn't have access to the group.

    Juha> The other command sees four strange groups > 30000 - those
    Juha> are related to openafs kernel tokens and thus are not "real"
    Juha> groups.

That is normal for AFS. Normally I believe AFS only uses two groups
though, something strange here.

    Juha> The first command, however sees some groups twice and even
    Juha> in a different order. Can the groups seen twice are a result
    Juha> of juhaj being a member of these groups both in LDAP and in
    Juha> /etc/group?

I am not convinced it is a good idea to define the group both on the
system and in LDAP. I prefer to keep low level system groups in
/etc/group and high level user groups in LDAP.

However, I don't think this is your issue, otherwise I would expect to
see duplicate groups from the "id username" version too.

    Juha> Can this be related to the not-able-to-access-cdrom problem
    Juha> and is this a bug?

No idea here. "id" seems to indicate you are in the cdrom group...

Try bypassing the AFS login stuff (if possible) and see if it changes
anything.
-- 
Brian May <[EMAIL PROTECTED]>

Reply via email to