Red Hat Bugzilla – Bug 146258
problem when users are in more than 32 groups.
Last modified: 2007-11-30 17:07:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3)
Description of problem:
Our server is file serving for a group of 8 companies. Inherently,
the linux user security model involves user,group,others for file
access permissions and user/group ownership of files. We have
accounting people who work for multiple companies.
I, as the administrator, need to be able to do what I want such as
browse directories or files. I am in about sixty groups. Others are
in many groups too, which were added to groups with a script running a
/usr/sbin/usermod -G gid,gid,gid,gid,... loginName
This allows asigning a user to groups efficiently. We then run Samba
to expose shares at a company level with folders underneath.
IE. Samba exposes share Tecnica = /tecnica
/company (assigned to group company)
/company/accounting (assigned to group companyacctg)
/company/credit (assigned to group companycredit)
/company/marketing (assigned to group companymarketing)
Unfortunately the RHEL OS, only grabs the first 32 groups of a users'
group associations. This makes some folders(and files) inaccessible
in a very random looking fashion. I'm not sure if it is a kernel or
PAM security limitation.
I have confirmed this problem with Tech Support on 1/25/2005. This is
an unacceptable limitation for an Enterprise Level Operating System.
Please advise as to when this issue will be corrected.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add a user to more than 32 groups.
2. Run a groups command for the userid > somefilename.txt
3. Try to access a directory owned by a group exceeding the 32nd group
listed in somefilename.txt.
4. The directory will be inaccessible.
Actual Results: The directory is inaccessible.
Expected Results: The directory should be accessible.
The line above in the Bug Comments that reads:
Samba exposes share Tecnica = /tecnica
should have read Samba exposes share company = /company.
Sorry about that!
*** This bug has been marked as a duplicate of 144671 ***