Boy howdy, I’m kind of scratching my head over this.
I have a directory with 770 permissions:
inger@server$> ls -ld mydir
drwxrwx--- 2 root mygroup1 4096 May 22 05:27 mydir
I can’t cd into it:
inger@server$> cd mydir
-bash: cd: mydir: Permission denied
Hmm, okay, I guess I’m not in the mygroup1 group, right? Wrong:
inger@server$> groups inger
inger: inger [a bunch of other groups] mygroup1 mygroup2 mygroup3
…confirming with getent
inger@server$> getent group mygroup1
mygroup1:*:1903:inger,[a bunch of other users]
…Maybe there’s some mixup with the GID of mygroup1? Nope:
inger@server$> ls -nd mydir
drwxrwx--- 2 0 1903 4096 May 22 05:27 mydir
If I chown the group to root:mygroup2, I can get in just fine:
inger@server$> sudo -s
root@server:# chown root:mygroup2 mydir
root@server:# ls -ld mydir
drwxrwx--- 2 root mygroup2 4096 Aug 15 09:44 mydir
root@server:# exit
inger@server$> cd mydir
^^ that works
There are no special ACLs overriding normal UNIX perms:
inger@server$> getfacl mydir
# file: mydir
# owner: root
# group: mygroup1
user::rwx
group::rwx
other::---
This directory doesn’t have a special NFS mount or anything – it shares a mount with other directories, none of which have this problem, but they also aren’t owned by mygroup1.
So, the problem appears to be specific to this group.
This problem was discovered this morning – members of mygroup1 could get into mydir just fine yesterday.
We manage users and groups with FreeIPA, and yesterday I added some new users to the mygroup1 group. But I added users to the mygroup2 group as well, and there are no problems with that.
Anyone have any recommendations?
Answer
This is a limitation with certain NFS configurations where your group memberships after the 16th group are ignored when resolving permissions. Here is a good writeup on it.
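A quick way to test for the condition this answer describes, as an added example that is not part of the original answer: the script reports where a directory's owning GID sits in a user's group list and whether that position is past the 16-group cutoff. It assumes the groups are counted in the order `id -G` prints them (the order a given NFS client actually sends may differ) and GNU `stat`; the function names and the sample GID list are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a directory's owning group fall past the 16-group
# cutoff described in the answer? Assumes groups are counted in `id -G` order.
LIMIT=16   # cutoff stated in the answer

# gid_position GIDS TARGET: print the 1-based position of TARGET in the
# space-separated GIDS list, or 0 if TARGET is not in the list.
gid_position() {
    pos=0
    for g in $1; do
        pos=$((pos + 1))
        if [ "$g" = "$2" ]; then
            echo "$pos"
            return 0
        fi
    done
    echo 0
}

# classify GIDS TARGET: print not-member, within-limit or beyond-limit.
classify() {
    p=$(gid_position "$1" "$2")
    if [ "$p" -eq 0 ]; then
        echo "not-member"
    elif [ "$p" -le "$LIMIT" ]; then
        echo "within-limit"
    else
        echo "beyond-limit"
    fi
}

# check_dir USER DIR: live check against the local account database.
check_dir() {
    gids=$(id -G "$1") || return 2
    dir_gid=$(stat -c %g "$2") || return 2   # GNU stat: owning GID
    count=$(echo "$gids" | wc -w)
    echo "$1 is in $count groups; $2 is owned by gid $dir_gid: $(classify "$gids" "$dir_gid")"
}

# Constructed sample: a user in 19 groups, with gid 1903 in 17th position.
SAMPLE_GIDS="1000 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1903 1904 1905"

if [ "$#" -eq 2 ]; then
    check_dir "$1" "$2"
else
    classify "$SAMPLE_GIDS" 1903
fi
```

Run it as `sh check.sh inger mydir` on the NFS client; a `beyond-limit` result on a directory the user should be able to enter matches the symptom in the question.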