Bug 642412

Summary: SSSD initgroups does not behave as expected
Product: Red Hat Enterprise Linux 6 Reporter: Benjamin Kahn <bkahn>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.0CC: benl, dpal, fnadge, grajaiya, jgalipea, mkhusid, myllynen, pep, pm-eus, sgallagh
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.2.1-28.el6_0.1 Doc Type: Bug Fix
Doc Text:
Previously, users would not always be assigned to all initgroups for which they were a member in LDAP. This could cause several issues related to group-based permissions. With this update, the initgroups() call always returns all groups for the specified user.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-10 19:12:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 633487    
Bug Blocks:    

Description Benjamin Kahn 2010-10-12 20:31:49 UTC 
This bug has been copied from bug #633487 and has been proposed
to be backported to 6.0 z-stream (EUS).
Comment 8 errata-xmlrpc 2010-11-10 19:12:40 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0852.html
Comment 9 Florian Nadge 2011-01-03 11:19:57 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, users would not always be assigned to all initgroups for which they were a member in LDAP. This could cause several issues related to group-based permissions. With this update, the initgroups() call always returns all groups for the specified user.