Subject: Re: Permissions and Groups problem
From: Tom Fitzgerald (tfitz@MIT.EDU)
Date: Tue Aug 01 2000 - 15:09:08 EDT
> It seems like I write about permissions a lot, but it's a real issue, here.
>
> Netatalk is not recognizing any user as being a part of any group other than
> the one it was created as, from what I can see. I'm apparently not finding
> something that needs to be changed, but what? Doesn't the authentication
> still run from the system? I'm running ...asun2.1.3-7 and Redhat Linux 6.2,
> with shadow PW and PAM installed.
The permissions handling isn't the same as the authentication handling,
so you may be looking in the wrong place.... The afpd will run with the
group membership it finds in /etc/group at the time it (afpd) starts up.
The group list from /etc/group is matched against the single group
that the file or directory is in, to see if the user should have
permission to access it.
Is there some chance you have NIS or NIS+ messing things up? And
there's no chance that the user accidentally got two entries in
/etc/group, is there?
> Authentication is working great, and logins are all working like they're
> supposed to. I'm still not getting afpd authentications logged in messages,
> or anywhere else I can find.
The authentication stuff is logged as 'daemon.info' to the syslog, so
if your /etc/syslog.conf has
daemon.info /var/log/messages
(with a tab between the fields, of course) then you should be able to
find it in /var/log/messages. You should be getting data like this
(though this is at daemon.debug so may be more verbose than normal):
Jun 27 14:12:33 archfile.mit.edu afpd[3651]: dhx login: tfitz
Jun 27 14:12:33 archfile.mit.edu afpd[3651]: 0.08KB read, 0.07KB written
Jun 27 14:12:33 archfile.mit.edu afpd[218]: server_child[2] 3651 done
Jun 27 14:14:53 archfile.mit.edu afpd[3656]: ASIP session:548(2) from 18.80.2.232
Jun 27 14:24:58 archfile.mit.edu afpd[3706]: randnum/rand2num login: tfitz
Jun 27 14:24:58 archfile.mit.edu afpd[3706]: login tfitz (uid 18719, gid 101)
Jun 27 14:24:58 archfile.mit.edu afpd[3706]: notice: fixing up byte-swapped v1 magic/version.
Jun 27 14:27:50 archfile.mit.edu afpd[3706]: logout tfitz
> So the user continues under the same group as before. Folders only viewable
> by group1 are being viewed by a user that only has setting to group2.
Could you post or send the user's lines from /etc/passwd and /etc/group,
and the ls -l of the directory the user isn't supposed to be in?
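
An added sketch of the check discussed in this message (not part of the original e-mail and not netatalk's code): it lists a user's gids from passwd/group-format text, flags a group that is defined twice, and applies the usual Unix owner/group/other rule to a directory's owner, group and mode. The sample accounts and all function names are constructed for illustration; afpd's own logic and NIS sources are not modelled.

```python
# Added example: resolve a user's groups and pick the permission class that applies.
from collections import defaultdict

# Constructed sample files (not from the original message).
PASSWD = "alice:x:501:102::/home/alice:/bin/sh\nbob:x:502:101::/home/bob:/bin/sh\n"
GROUP = (
    "group1:x:101:bob\n"
    "group2:x:102:\n"
    "group1:x:101:alice\n"   # accidental second entry for group1
)

def parse_group(text):
    """Return ({gid: members}, {group names that appear more than once})."""
    members, seen, dupes = defaultdict(set), set(), set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, users = line.split(":", 3)
        if name in seen:
            dupes.add(name)
        seen.add(name)
        members[int(gid)].update(u for u in users.split(",") if u)
    return members, dupes

def user_gids(user, passwd_text, group_text):
    """Primary gid from passwd plus every gid whose member list names the user."""
    primary = None
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            primary = int(fields[3])
    if primary is None:
        raise KeyError(user)
    members, _ = parse_group(group_text)
    return {primary} | {gid for gid, m in members.items() if user in m}

def access_class(uid, gids, st_uid, st_gid, mode):
    """Standard Unix check: owner bits, else group bits, else other bits."""
    if uid == st_uid:
        return "owner", (mode >> 6) & 7
    if st_gid in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

if __name__ == "__main__":
    gids = user_gids("alice", PASSWD, GROUP)
    print(sorted(gids), parse_group(GROUP)[1])
    # Directory owned by root:group1 with mode 0770 (drwxrwx--- in ls -ld)
    print(access_class(501, gids, 0, 101, 0o770))
```

When the result is "other" with non-zero bits, the directory's world permissions are what let the user in, not a group membership.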