Red Hat Bugzilla – Bug 134920
Jobs only have one GID
Last modified: 2007-11-30 17:10:51 EST
Description of problem: When launching a job as a user that belongs to several groups (e.g. joe belongs to groups joe and users), only the primary group is available to that job (e.g. joe, whatever is accessible by group users but not by group joe will not be accessible to the job). Version-Release number of selected component (if applicable): vixie-cron-4.1-17 How reproducible: Always Steps to Reproduce: 1. Pick a user that belongs to several groups, e.g. joe. 2. Create a crontab file in /etc/cron.d that contains something along the lines of 0 * * * * joe /usr/bin/id. 3. When the job gets executed, you will get a mail with the output of the id command, which will show only one GID.
I can't reproduce this problem - it works fine for me: I created a dummy 'cronuser' account with groups cron1 and cron2: [cronuser@locahost cronuser]$ id uid=5257(cronuser) gid=5262(cronuser) groups=5262(cronuser),5263(cron1),5264(cron2) Then as root: [root@localhost ~]$ echo '* * * * * cronuser /usr/bin/id>/tmp/cronuser.out' > /etc/cron.d/cronuser Then after 1 minute: [cronuser@localhost cronuser]$ ls -l /tmp/cronuser.test -rw-r--r-- 1 cronuser cronuser 84 Oct 7 10:57 /tmp/cronuser.test [cronuser@localhost cronuser]$ cat /tmp/cronuser.test uid=5257(cronuser) gid=5262(cronuser) groups=5262(cronuser),5263(cron1),5264(cron2) This works the same if as cronuser I do: [cronuser@localhost cronuser]$ echo '* * * * * id>/tmp/cronuser.test' | crontab So I can't see the problem . Is your userid an NIS or LDAP user account ? Have you edited your /etc/pam.d/crond file ? Do you have SELinux enabled ? (SELinux was disabled during above test).
Apparently went away with today's bunch of updates (hard to tell which, the updates included kernel, glibc, selinux ...). (It was normal user account, /etc/pam.d/crond was not edited, selinux was disabled via configuration file ... guess that's mute now though.)