1834465 Members
3250 Online
110067 Solutions
New Discussion

group permissions denied

 
SOLVED
Go to solution
V. Nyga
Honored Contributor

group permissions denied

Hi,

I have users which are in the 'primary' group users. 'Primary' group is defined in SAM.
I have added user to a second group catia.
And a directory with rwx permissions for group catia.
But user can't create a file in this dir.
What's wrong?

With rwx permissions for world it's ok!

HP-UX 10.20
NIS domain
NFS dirs

Volkmar

*** Say 'Thanks' with Kudos ***
17 REPLIES 17
steven Burgess_2
Honored Contributor

Re: group permissions denied

Hi Volkmar

Have you su'd to that user and double checked there groups ?

:/home/sburgess/sysadmin $ groups
admin

Steve
take your time and think things through
Pete Randall
Outstanding Contributor

Re: group permissions denied

With NIS and NFS involved, it gets a bit more complicated. Have the NIS maps been pushed? Is the NFS server aware of this new group?


Pete

Pete
V. Nyga
Honored Contributor

Re: group permissions denied

Hi Steven,

# group


NOTHING!! 8-((

Hi Pete,

yet made yppush

Volkmar

Back in 20 min.
*** Say 'Thanks' with Kudos ***
Olav Baadsvik
Esteemed Contributor
Solution

Re: group permissions denied


Hello,

On hp-ux 10.20 you will need to have
the file /etc/logingroup to get this to
work.

create a link named /etc/logingroup pointing
to /etc/group

Regards
Olav

Robert-Jan Goossens
Honored Contributor

Re: group permissions denied

Hi Volkmar,

check /etc/group

# groups user

# grep user /etc/group

# ypcat group | grep user

Did you add a local user or a user on the NIS master plus local user ?

Robert-Jan.
V. Nyga
Honored Contributor

Re: group permissions denied

Hi Olav,

where should I do this server? client?
I've tested 5 workstations now - no with this logingroup link - but two clients shows all groups right, two shows only one group (the primary) for ex. the NIS server, one shows nothing (here I changed the group file last week - I deleted the lokal groups and users and set the '+' in the last line for NIS client).

Newest: I've rebooted one client which showed all groups - now I can't login anymore (beside rlogin with root)!
ypwhich shows: cad19 - but this is only a client (and the backup server), not the primary NIS server. How can I direct it to the primary server?

Volkmar
*** Say 'Thanks' with Kudos ***
Balaji N
Honored Contributor

Re: group permissions denied

1.see if the id command lists all the group.
id username
2. see groups command
groups username.
3. we had similar problems earlier in a NIS environment with secondary groups. what we did was to use the newgrp and then try accessing such files.

newgrp
4. curiously, this problems was reported when a person uses Exceed (in XDCMP broadcast) to login to the machine. If he does telnet or a rlogin, he never had this problem. couldn't investigate further at that moment. need to check if this problem still persists, or if there was some patch installed which fixed this issue.

regards
balaji



Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
V. Nyga
Honored Contributor

Re: group permissions denied

Hi Rob,

'groups user' shows all groups
'groups' only shows one group

HELP
*** Say 'Thanks' with Kudos ***
V. Nyga
Honored Contributor

Re: group permissions denied

Hi again Rob,

# grep user /etc/group
and
# ypcat group | grep user
shows all groups.

Hi Balaji,

I also used Exceed supplementing the groups.

Volkmar
*** Say 'Thanks' with Kudos ***
Robert-Jan Goossens
Honored Contributor

Re: group permissions denied

Hi Volmar,

Just a quick one,

how long is your line in group file on your nis master ?

Robert-Jan.
Yogeeraj_1
Honored Contributor

Re: group permissions denied

hi,

in /etc/group

add the user to the secondary group you mentioned above.

e.g.
...
catia::104:newuser
...


then check using command:
id newuser

should give:
e.g.
uid=128(newuser) gid=20(users) groups=104(catia)

hope this helps!

Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
V. Nyga
Honored Contributor

Re: group permissions denied

Hi Rob,

primary group is about 150 letter, the other 54.

Yogeeraj,

I've reconfigurated second group at the server itself - nothing changed at the server. Only primary group is shown.

Volkmar

*** Say 'Thanks' with Kudos ***
V. Nyga
Honored Contributor

Re: group permissions denied

At the NIS server:

'groups'
users
'groups user'
users catia engdat
'id user'
uid=257(user) gid=22(users)

No write permissions for dir.

???
V.

*** Say 'Thanks' with Kudos ***
Balaji N
Honored Contributor

Re: group permissions denied

are u able to use newgrp group name and after that able to create files?
-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
V. Nyga
Honored Contributor

Re: group permissions denied

Hi Balaji,

yes, creating is allowed now.
But still:
'groups'
users

V.
*** Say 'Thanks' with Kudos ***
Balaji N
Honored Contributor

Re: group permissions denied

hi
was so stupid. should have read the man pages. never did.

see if this helps.


+++++++++++++++++++++++
groups(1)

NAME
groups - show group memberships

SYNOPSIS
groups [-p] [-g] [-l] [user]

DESCRIPTION
groups shows the groups to which the caller or the optionally
specified user belong. If invoked with no arguments, groups prints
the current access list returned by getgroups() (see getgroups(2)).

Each user belongs to a group specified in the password file
/etc/passwd and possibly to other groups as specified in the files
/etc/group and /etc/logingroup. A user is granted the permissions of
those groups specified in /etc/passwd and /etc/logingroup at login
time. The permissions of the groups specified in /etc/group are
normally available only with the use of newgrp (see newgrp(1)). If a
user name is specified with no options, groups prints the union of all
these groups.

++++++++++++++++++

and i dont think /etc/logingroup is default supported by NIS.

hth
-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
V. Nyga
Honored Contributor

Re: group permissions denied

Thanks all!

Olav was right.
And thanks Balaji for refering groups.
I read it myself but I thought there must be something else. But I irritated myself: the only clients where 'groups' give all groups without the logingroup file were UX11 clients.

For 10.20 the logingroup file must exist at the client.

Thanks again
Volkmar
*** Say 'Thanks' with Kudos ***