Hi everyone,
I have set up a small network using PAM+LDAP+NFS to share login
information around all the machines. Each individual user can
read+write+execute to any directories owned by themselves and
their groups. I then created a group "users" which has all the users
subscribed - see the ldap entry below. The problem is none of the
hosts appear to recognise the 'users' group. If I do "id users" I get:
uid=506(users) gid=506(users) groups=506(users)
-- LDAP entry for group 'users'
-- member[1-5] are valid users in ldap directory
# users, Group, example.com
dn: cn=users,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: users
gidNumber: 506
memberUid: member1
memberUid: member2
memberUid: member3
memberUid: member4
memberUid: member5
Each member is part of users (id member1) :
uid=500(member1) gid=500(member1) groups=500(member1),506(users)
The public directories are all set with permissions as drwsrws--- and
files within are -rw-rw----.
For example:
-rw-rw---- 1 member2 users 7 Mar 7 08:57 test
Here member2 can read and write successfully but any other members of
users cannot - and this is the problem.
It is not an NFS problem, as the problem persists on the host machine
of the shared directories. In my nsswitch.conf file I have
group: files ldap
and pam.d/system-auth is:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
There are no error messages in the logs.
Therefore the problem is "why can't members of users write to files
owned by the group 'users'?"
Thank you for any help offered.
Tom
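As an added diagnostic helper (not part of Tom's post), a small POSIX shell script that takes the three lines an admin would collect for this problem (a `getent group users` line, an `id member1` line and the `ls -l` line of the file) and reports which of the conditions for group write is the one failing: NSS membership, the session's actual supplementary groups, or the file mode. The sample lines are constructed to mirror the setup in the post.

```shell
#!/bin/sh
# Constructed sample input, mirroring the post (not real output).
SAMPLE_GROUP_LINE='users:x:506:member1,member2,member3,member4,member5'
SAMPLE_ID_LINE='uid=500(member1) gid=500(member1) groups=500(member1),506(users)'
SAMPLE_LS_LINE='-rw-rw---- 1 member2 users 7 Mar 7 08:57 test'

# 0 if USER ($2) is in the member field of a getent-style group line ($1).
# This is the NSS view ("group: files ldap" in nsswitch.conf).
group_has_member() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | grep -qx "$2"
}

# 0 if numeric GID ($2) is in the groups= list of an id(1) line ($1).
# This is what the kernel checks on access: supplementary groups are set
# at login by initgroups(), so a session opened before the group existed
# in LDAP will not carry it even though getent already lists the user.
id_has_gid() {
    printf '%s\n' "$1" | sed 's/.*groups=//' | tr ',' '\n' \
        | sed 's/(.*//' | grep -qx "$2"
}

# 0 if the group-write bit is set in a 10-character ls mode string ($1);
# the group triple occupies characters 5-7, so 'w' must be character 6.
mode_group_write() {
    case "$1" in ?????w*) return 0 ;; *) return 1 ;; esac
}

# Run the checks in order and print the first failing condition.
# Args: GROUPLINE IDLINE LSLINE USER. Returns 0 only when all pass.
check_group_write() {
    gname=$(printf '%s\n' "$1" | cut -d: -f1)
    gid=$(printf '%s\n' "$1" | cut -d: -f3)
    mode=$(printf '%s\n' "$3" | awk '{print $1}')
    fgroup=$(printf '%s\n' "$3" | awk '{print $4}')
    [ "$fgroup" = "$gname" ] || { echo "file group is $fgroup, not $gname"; return 1; }
    group_has_member "$1" "$4" || { echo "nss: $4 not a member of $gname"; return 1; }
    id_has_gid "$2" "$gid" || { echo "session: gid $gid absent; re-login needed?"; return 1; }
    mode_group_write "$mode" || { echo "mode $mode has no group write bit"; return 1; }
    echo "ok: $4 should have group write via $gname"
}

check_group_write "$SAMPLE_GROUP_LINE" "$SAMPLE_ID_LINE" "$SAMPLE_LS_LINE" member1
```

On a real host, replace the three sample lines with the output of `getent group users`, `id` run inside the failing user's session, and `ls -l` of the file; a mismatch between the getent and id views points at a stale login session rather than at LDAP or the filesystem.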