Boy howdy, I’m kind of scratching my head over this.
I have a directory with 770 permissions:
inger@server$> ls -ld mydir
drwxrwx--- 2 root mygroup1 4096 May 22 05:27 mydir
I can’t cd into it:
inger@server$> cd mydir
-bash: cd: mydir: Permission denied
Hmm, okay, I guess I’m not in the mygroup1 group, right? Wrong:
inger@server$> groups inger
inger: inger [a bunch of other groups] mygroup1 mygroup2 mygroup3
…confirming with getent
inger@server$> getent group mygroup1
mygroup1:*:1903:inger,[a bunch of other users]
…Maybe there’s some mixup with the GID of mygroup1? Nope:
inger@server$> ls -nd mydir
drwxrwx--- 2 0 1903 4096 May 22 05:27 mydir
If I chown the group to root:mygroup2, I can get in just fine:
inger@server$> sudo -s
root@server:# chown root:mygroup2 mydir
root@server:# ls -ld mydir
drwxrwx--- 2 root mygroup2 4096 Aug 15 09:44 mydir
root@server:# exit
inger@server$> cd mydir
^^ that works
There are no special ACLs overriding normal UNIX perms:
inger@server$> getfacl mydir
# file: mydir
# owner: root
# group: mygroup1
user::rwx
group::rwx
other::---
This directory doesn’t have a special NFS mount or anything – it shares a mount with other directories, none of which have this problem, but they also aren’t owned by mygroup1.
So, the problem appears to be specific to this group.
This problem was discovered this morning – members of mygroup1 could get into mydir just fine yesterday.
We manage users and groups with FreeIPA, and yesterday I added some new users to the mygroup1 group. But I added users to the mygroup2 group as well, and there are no problems with that.
Anyone have any recommendations?
Answer
This is a limitation with certain NFS configurations where your group memberships after the 16th group are ignored when resolving permissions. Here is a good writeup on it.
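
The failure mode described in this answer can be modelled as below; this is an added example, not part of the original answer. It assumes the AUTH_SYS credential of RFC 5531, which carries at most 16 supplementary GIDs, and that the client keeps the first 16 in list order; uid 5000, GID 1902 for mygroup2 and the filler GIDs are constructed, and only GID 1903 comes from the question.

```python
# Added illustration: how a server that trusts only the AUTH_SYS credential
# evaluates access. All IDs except GID 1903 (from the question) are constructed.
AUTH_SYS_MAX_GIDS = 16  # RFC 5531: authsys_parms carries "unsigned int gids<16>"

def auth_sys_credential(uid, primary_gid, supplementary_gids):
    """Credential as sent on the wire: supplementary list cut to 16 entries.
    Assumption: the client keeps the first 16 in list order."""
    return uid, primary_gid, list(supplementary_gids)[:AUTH_SYS_MAX_GIDS]

def dropped_groups(supplementary_gids):
    """GIDs the server never sees."""
    return list(supplementary_gids)[AUTH_SYS_MAX_GIDS:]

def allows(cred, owner_uid, owner_gid, mode, want):
    """Classic owner/group/other check using only the IDs in `cred`.
    `want` is an rwx bitmask (4=r, 2=w, 1=x)."""
    uid, gid, gids = cred
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid == gid or owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

# Constructed user: 18 supplementary groups, mygroup1 (1903) is the 18th.
UID, GID = 5000, 5000
MYGROUP1, MYGROUP2 = 1903, 1902          # 1902 is an assumed GID for mygroup2
SUPP = [MYGROUP2] + list(range(3001, 3017)) + [MYGROUP1]

def diagnose(dir_gid, mode=0o770, owner_uid=0):
    """Compare the local view (full group list) with the NFS server's view."""
    local = (UID, GID, SUPP)
    wire = auth_sys_credential(UID, GID, SUPP)
    return {
        "local_view_allows_cd": allows(local, owner_uid, dir_gid, mode, 1),
        "server_allows_cd": allows(wire, owner_uid, dir_gid, mode, 1),
        "group_dropped": dir_gid in dropped_groups(SUPP),
    }

if __name__ == "__main__":
    print("root:mygroup1", diagnose(MYGROUP1))
    print("root:mygroup2", diagnose(MYGROUP2))
```

The mismatch between the two views is why `groups`, `getent` and `getfacl` all look correct on the client while `cd` is still refused.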