Hi,
I was hoping someone on this list might be able to help.
I’m getting permission denied when trying to access a directory owned by root, but with a group that I’m a member of.
I’m getting: -bash: cd: testdir: Permission denied
I have the following scenario:
Running CentOS Linux release 7.6.1810 and sssd 1.16.5
I have a mount set up /data/testdir
As root, I chown/chmod testdir:
chown root:testgrpa testdir
chmod 770 testdir
When I log in as user1, I currently can’t cd into /data/testdir
It gives:
-bash: cd: testdir: Permission denied
user1 is a member of testgrpa:
OUTPUT of id user1:
uid=129371342(user1) gid=129371342(user1) groups=129371342(user1) ,29042750285(group1),1435459822(group2),3456349245(group3),……,239705249(testgrpa)
OUTPUT of getent group testgrpa:
testgrpa:*: 239705249:user1,user2,user2,user4,…..,user50
CONTENTS OF sssd.conf:
[sssd]
config_file_version = 2
services = nss,pam
domains = dept.domain.com
[nss]
filter_users = root
filter_groups = root
[pam]
[domain/dept.domai.com]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_use_tokengroups = false
enumerate = false
cache_credentials = True
case_sensitive = false
ignore_group_members = false
auto_private_groups = true
ldap_schema = ad
ldap_uri = ldaps://ldapsserver.dept.domain.com:636
ldap_user_search_base = dc=ad,dc=dept,dc=domain,dc=com
ldap_group_search_base = OU=Security Groups,OU=Groups,dc=ad,dc=dept,dc=domain,dc=com?sub?(|(cn=domain users)(cn=testgrpa))
ldap_referrals = False
ldap_group_nesting_level = 3
ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/sssd
ldap_use_tokengroups = True
ldap_id_mapping = True
override_homedir = /mnt/exports/shared/home/%u
fallback_homedir = /shared/home/%u
default_shell = /bin/bash
ldap_access_order = filter, expire
ldap_account_expire_policy = ad
ldap_access_filter = (|(memberOf=cn=testgrpa,OU=Security Groups,OU=Groups,DC=ad,DC=dept,DC=domain,DC=com))
ldap_default_bind_dn = <service account>
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = <authtok>
Thanks,
Paul T
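
Added example, not part of the message above: a shell diagnostic for this kind of denial. It checks the search (execute) bit on every path component against the credentials the current process actually holds, and lists groups that NSS resolves for the user but the running session lacks. The function names are made up here; GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Looks only at classic mode
# bits: POSIX ACLs, root/capability overrides and server-side checks on
# network mounts are NOT evaluated.

in_list() {             # in_list NEEDLE ITEM...
    local needle item; needle=$1; shift
    for item in "$@"; do [ "$item" = "$needle" ] && return 0; done
    return 1
}

# search_class MODE OWNER_UID OWNER_GID MY_UID MY_GID...
# Prints the single class the kernel applies (owner, else group, else other)
# and succeeds only if that class has the execute (search) bit.
search_class() {
    local mode ouid ogid uid mask
    mode=$1 ouid=$2 ogid=$3 uid=$4; shift 4
    if [ "$uid" = "$ouid" ]; then echo owner; mask=64      # 0100
    elif in_list "$ogid" "$@"; then echo group; mask=8     # 0010
    else echo other; mask=1                                # 0001
    fi
    [ $(( 0$mode & $mask )) -ne 0 ]
}

# check_path DIR: test every component from / down to DIR against the
# credentials of the *current process* and stop at the first denial.
check_path() {
    local dir class
    dir=$(readlink -f -- "$1") || return 2
    if [ "$dir" != / ]; then check_path "$(dirname -- "$dir")" || return 1; fi
    set -- $(stat -c '%a %u %g' -- "$dir")    # GNU stat: mode, uid, gid
    if class=$(search_class "$1" "$2" "$3" "$(id -u)" $(id -G)); then
        echo "ok    $class $1 $dir"
    else
        echo "DENY  $class $1 $dir"; return 1
    fi
}

# GIDs that NSS (sssd) resolves for the user but the running session lacks.
# "id -G" reads this process's credentials; "id -G NAME" asks NSS.
missing_in_session() {
    local g have; have=$(id -G)
    for g in $(id -G "$(id -un)"); do in_list "$g" $have || echo "$g"; done
}

if [ $# -gt 0 ]; then check_path "$1"; missing_in_session; fi
```

Run it as the affected user from the failing login session, passing the directory (here /data/testdir) as the argument.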