Description of problem:

Mock fails to run if user is in a group that is member of group mock.

We are using ldap for account management and have a couple of servers on which groups of people are allowed to run mock builds. In the past it was sufficient to modify /etc/pam.d/mock and add some ACLs on /var/lib/mock.

In our setup user 'sandroj' is member of group 'sysadmin-terminal'. Group 'sysadmin-terminal' is member of the local group 'mock' on servers that are designated as build hosts.

Version-Release number of selected component (if applicable):

mock-1.1.7-1.fc14.noarch

How reproducible:

Always

Steps to Reproduce:
1. run mock
2.
3.
  
Actual results:

ERROR: Must be member of 'mock' group to run mock! (['sysadmin-main', 'OGD', 'svn-terminal', 'puppet-masters', 'sysadmin-terminal', 'PLAP-Admin', 'sysadmin-zarafa', 'sysadmin-test', 'sysadmin-www', 'git-terminal-codebase', 'sysadmin-mirror'])
Traceback (most recent call last):
  File "/usr/sbin/mock", line 445, in <module>
    def do_buildsrpm(config_opts, chroot, options, args):
  File "/usr/sbin/mock", line 539, in main
    groupcheck()
  File "/usr/sbin/mock", line 496, in groupcheck
    raise RuntimeError, "Must be member of 'mock' group to run mock! (%s)" % members
RuntimeError: Must be member of 'mock' group to run mock! (['sysadmin-main', 'OGD', 'svn-terminal', 'puppet-masters', 'sysadmin-terminal', 'PLAP-Admin', 'sysadmin-zarafa', 'sysadmin-test', 'sysadmin-www', 'git-terminal-codebase', 'sysadmin-mirror'])

Expected results:

Well, mock not complaining.

Additional info:

Mock should be able to deal with nested groups by querying members of group mock instead of the grouplist of the user running mock. 'getent mock' on the affected system returns all members of group mock. This list could then be checked against the user running mock.