Bug 1394657

Summary: New groups not activated after log out and login
Product: [Fedora] Fedora Reporter: Jan Vlug <jan.public>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: abokovoy, jan.public, jhrozek, lslebodn, mzidek, pbrezina, preichl, rharwood, rstrode, sbose, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-30 08:33:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Vlug 2016-11-14 07:26:21 UTC 
When I add a user to a new group in Gnome3 and log out of Gnome and login again, the user is still not part of the group.
After rebooting the computer the user is in the new group.
I suggest that gdm somehow reloads the group information before logging a user in.
Comment 1 Ray Strode [halfline] 2016-11-21 15:23:19 UTC 
I assume this is some sort of NSS problem are you using SSSD?

(moving there for now, but it might get bounced around if you're using nscd or something else instead)
Comment 2 Lukas Slebodnik 2016-11-21 15:26:36 UTC 
Do you use sssd?

what is and output of following commands after login
id
id $current_user
Comment 3 Sumit Bose 2016-11-21 16:08:45 UTC 
Additionally the content of /etc/nsswitch.conf might be interesting. If e.g. there is 

passwd: files sss
group: files sss

but

initgroups: files

updating group-memberships might not work as expected, in this case just comment out the initgroups line.
Comment 4 Jan Vlug 2016-12-14 12:18:24 UTC 
FYI: in the meanwhile I upgraded to Fedora 25.

How can I determine whether I'm using SSSD or nscd?

The output of id and id $current_user is identical:

$id
uid=10015(vlugja) gid=15002(domain-users) groups=15002(domain-users),10(wheel),100(users),498(dockerroot),500(groupjan),15003(docker) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

id $current_user
uid=10015(vlugja) gid=15002(domain-users) groups=15002(domain-users),10(wheel),100(users),498(dockerroot),500(groupjan),15003(docker) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Excerpt from /etc/nsswitch.conf:

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files
Comment 5 Lukas Slebodnik 2017-01-04 08:14:50 UTC 
Do you have configured sssd? Do you have installed nscd?

Could you share /etc/nscd.conf and /etc/sssd/sssd.conf?
Comment 6 Jan Vlug 2017-03-30 07:29:23 UTC 
I have no access to the affected systems any more, so unfortunately I cannot provide the needed info. Feel free to close this bug if you have insufficient data to work on it.
Comment 7 Lukas Slebodnik 2017-03-30 08:33:00 UTC 
OK, feel free to reopen in future.