Re: [Hampshire] NFS, LDAP, and file permissions

Author: Graham Bleach
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] NFS, LDAP, and file permissions
On 16/08/07, Nick Chalk <nick@???> wrote:
> Alex, however, can only access one:
>
> alexander@workshop-admin:~$ id
> uid=10032(alexander) gid=10032(alexander)
> groups=4(adm),20(dialout),21(fax),24(cdrom),
> 25(floppy),26(tape),29(audio),30(dip),46(plugdev),
> 50(staff),100(users),104(scanner),
> 513(Domain Users),546(Guests),10000(guest),
> 10008(workers),10011(admin),10032(alexander)
>
> alexander@workshop-admin:~$ ls /home/admin/
> ls: /home/admin/: Permission denied
> alexander@workshop-admin:~$ ls /home/staff/
> A4 Delta House Booklet              Members Induction Pack
> A4 Delta House Booklet.pub          Memory Bus 1.pub
> ....
>
> I am at a loss as to why this is happening.
> /home/admin is rwx by group admin, and both users
> are members of that group. id, getent, and
> ldapsearch show that LDAP look-ups are succeeding
> for both users.
>
> I've tried two other accounts - one behaves like
> mine, the other like Alex's.


I vaguely recall that NFS can only send 16 group memberships per
request and this page, describing a patch which works around this
limitation, seems to confirm that:

http://www.frankvm.com/nfs-ngroups/README

Alex is part of more than 16 groups and it looks like the admin group
is one of the later groups.

Perhaps it would be possible to work around the problem by re-ordering
the group memberships so that those required for NFS appear first in
the list of secondary groups.

G
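
Added example, not part of the original message: a shell check that lists which entries of an `id` group list fall past the 16th, run here on Alex's output as quoted above. It assumes, as the reply does, that the NFS client sends only the first 16 groups in the order `id` prints them; the function and variable names are made up for this example.

```shell
#!/bin/sh
# Limit of 16 group memberships per NFS request, as recalled in the reply.
NFS_MAX_GROUPS=16

# Alex's `id` output as quoted in the message (line-wrapped by the mailer).
ALEX_ID='uid=10032(alexander) gid=10032(alexander)
groups=4(adm),20(dialout),21(fax),24(cdrom),
25(floppy),26(tape),29(audio),30(dip),46(plugdev),
50(staff),100(users),104(scanner),
513(Domain Users),546(Guests),10000(guest),
10008(workers),10011(admin),10032(alexander)'

# Read `id`-style output on stdin and print "position gid(name)" for every
# entry of the groups= list beyond NFS_MAX_GROUPS. Prints nothing when the
# whole list fits; returns 1 if the input has no groups= field.
nfs_group_overflow() {
    awk -v max="$NFS_MAX_GROUPS" '
        { buf = buf $0 }                      # re-join wrapped lines
        END {
            if (!sub(/^.*groups=/, "", buf)) exit 1
            sub(/ context=.*$/, "", buf)      # drop SELinux context if present
            n = split(buf, g, ",")            # group names may contain spaces
            for (i = max + 1; i <= n; i++)
                printf "%d %s\n", i, g[i]
        }'
}

# Groups that would not reach the server under the assumption above.
# On a live client: id alexander | nfs_group_overflow
printf '%s\n' "$ALEX_ID" | nfs_group_overflow
```

For Alex this reports the admin group at position 17, while staff sits at position 10, which matches /home/staff being readable and /home/admin not.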