LDAP groups not applying to filesystem permissions
Posted by BeepDog on Server Fault
Published on 2013-10-22T15:32:02Z
System is ArchLinux, and I'm using nss-pam-ldapd (0.8.13-4) to connect myself to LDAP.
I've got my users and some groups in LDAP:
[root@kain tmp]# getent group
<localgroups snipped>
dkowis:*:10000:
mp3s:*:15000:rkowis,dkowis
music:*:15002:rkowis,dkowis
video:*:15003:transmission,rkowis,dkowis,sickbeard
software:*:15004:rkowis,dkowis
pictures:*:15005:rkowis,dkowis
budget:*:15006:rkowis,dkowis
rkowis:*:10001:
And I have some directories that are setgid video so that the video group stays, and they're configured g=rwx so that members of the video group can write to them:
[root@kain video]# ls -ld /srv/video
drwxrwxr-x 8 root video 208 Oct 19 20:49 /srv/video
However, members of that group, say dkowis, cannot write into that directory:
[root@kain video]# groups dkowis
mp3s music video software pictures dkowis
Total number of groups that dkowis is in is like 7, I redacted a few here.
[dkowis@kain wat]$ cd /srv/video
[dkowis@kain video]$ touch something
touch: cannot touch 'something': Permission denied
[dkowis@kain video]$ groups
dkowis mp3s music video software pictures
I'm at a loss as to why my groups show up in getent groups, but my filesystem permissions are not being respected. I've tried making a new directory in /tmp and setting its group permissions to rwx, and then trying to write a file in there, but it doesn't work. The only time it does work is if I open it wide up allowing o=rwx. That's obviously not what I want, and I'm not able to figure out what my missing piece is.
Thanks in advance.
© Server Fault or respective owner