Hi List,
Just a strange cache-like issue. When I add user to a certain group, he does not see his group membership updated (via 'id -a') until he closes his X session (+ all processes terminated) and starts a fresh new one. Probably not directly related to SSSD as I can see his groups updated in a matter of minutes. Is there anything we could do to address this? Sometimes even starting new shell does not help - it is bit frustrating having to start a complete new session.
Thanks, Ondrej
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
On (09/02/16 12:02), Ondrej Valousek wrote:
Hi List,
Just a strange cache-like issue. When I add user to a certain group, he does not see his group membership updated (via 'id -a') until he closes his X session (+ all processes terminated) and starts a fresh new one.
id $current_user should return right results IIRC.
Probably not directly related to SSSD as I can see his groups updated in a matter of minutes. Is there anything we could do to address this? Sometimes even starting new shell does not help - it is bit frustrating having to start a complete new session.
Following manula page should help you. man 1 newgrp
Small example https://developer.fedoraproject.org/tools/vagrant/vagrant-libvirt.html#using...
LS
That is the tricky part. "id $problem_user" returns old group membership if being run from the user's own terminal and session. It returns correct membership if being run from a different user's terminal "newgrp $new_group" works always (does not ask for a password) regardless of the terminal. But having to run newgrp all the time is bit obstacle. They need to see the correct group memberhip immediately in order to access NFS shares.
Ondrej
-----Original Message----- From: Lukas Slebodnik [mailto:lslebodn@redhat.com] Sent: 10 February 2016 08:43 To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: user group mebmership
On (09/02/16 12:02), Ondrej Valousek wrote:
Hi List,
Just a strange cache-like issue. When I add user to a certain group, he does not see his group membership updated (via 'id -a') until he closes his X session (+ all processes terminated) and starts a fresh new one.
id $current_user should return right results IIRC.
Probably not directly related to SSSD as I can see his groups updated in a matter of minutes. Is there anything we could do to address this? Sometimes even starting new shell does not help - it is bit frustrating having to start a complete new session.
Following manula page should help you. man 1 newgrp
Small example https://developer.fedoraproject.org/tools/vagrant/vagrant-libvirt.html#using...
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
On Wed, Feb 10, 2016 at 08:49:55AM +0000, Ondrej Valousek wrote:
That is the tricky part. "id $problem_user" returns old group membership if being run from the user's own terminal and session. It returns correct membership if being run from a different user's terminal "newgrp $new_group" works always (does not ask for a password) regardless of the terminal. But having to run newgrp all the time is bit obstacle. They need to see the correct group memberhip immediately in order to access NFS shares.
Maybe this paragraph from the id info page helps:
""" Primary and supplementary groups for a process are normally inherited from its parent and are usually unchanged since login. This means that if you change the group database after logging in, ‘id’ will not reflect your changes within your existing login session. Running ‘id’ with a user argument causes the user and group database to be consulted afresh, and so will give a different result. """
I guess 'with a user argument' really means for a different user because as already said with the current user name id will shortcut to list only the group memberships of the current session.
bye Sumit
Ondrej
-----Original Message----- From: Lukas Slebodnik [mailto:lslebodn@redhat.com] Sent: 10 February 2016 08:43 To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: user group mebmership
On (09/02/16 12:02), Ondrej Valousek wrote:
Hi List,
Just a strange cache-like issue. When I add user to a certain group, he does not see his group membership updated (via 'id -a') until he closes his X session (+ all processes terminated) and starts a fresh new one.
id $current_user should return right results IIRC.
Probably not directly related to SSSD as I can see his groups updated in a matter of minutes. Is there anything we could do to address this? Sometimes even starting new shell does not help - it is bit frustrating having to start a complete new session.
Following manula page should help you. man 1 newgrp
Small example https://developer.fedoraproject.org/tools/vagrant/vagrant-libvirt.html#using...
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
sssd-users@lists.fedorahosted.org