Red Hat Bugzilla – Bug 134920
Jobs only have one GID
Last modified: 2007-11-30 17:10:51 EST
Description of problem:
When launching a job as a user that belongs to several groups (e.g.
joe belongs to groups joe and users), only the primary group is
available to that job (e.g. joe, whatever is accessible by group users
but not by group joe will not be accessible to the job).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Pick a user that belongs to several groups, e.g. joe.
2. Create a crontab file in /etc/cron.d that contains something along
the lines of 0 * * * * joe /usr/bin/id.
3. When the job gets executed, you will get a mail with the output of
the id command, which will show only one GID.
I can't reproduce this problem - it works fine for me:
I created a dummy 'cronuser' account with groups cron1 and cron2:
[cronuser@locahost cronuser]$ id
Then as root:
[root@localhost ~]$ echo '* * * * * cronuser
/usr/bin/id>/tmp/cronuser.out' > /etc/cron.d/cronuser
Then after 1 minute:
[cronuser@localhost cronuser]$ ls -l /tmp/cronuser.test
-rw-r--r-- 1 cronuser cronuser 84 Oct 7 10:57 /tmp/cronuser.test
[cronuser@localhost cronuser]$ cat /tmp/cronuser.test
This works the same if as cronuser I do:
[cronuser@localhost cronuser]$ echo '* * * * * id>/tmp/cronuser.test'
So I can't see the problem .
Is your userid an NIS or LDAP user account ?
Have you edited your /etc/pam.d/crond file ?
Do you have SELinux enabled ?
(SELinux was disabled during above test).
Apparently went away with today's bunch of updates (hard to tell
which, the updates included kernel, glibc, selinux ...).
(It was normal user account, /etc/pam.d/crond was not edited, selinux
was disabled via configuration file ... guess that's mute now though.)