That is the tricky part.
"id $problem_user" returns old group membership if being run from the user's
own terminal and session. It returns correct membership if being run from a different
user's terminal
"newgrp $new_group" works always (does not ask for a password) regardless of the
terminal. But having to run newgrp all the time is bit obstacle. They need to see the
correct group memberhip immediately in order to access NFS shares.
Ondrej
-----Original Message-----
From: Lukas Slebodnik [mailto:lslebodn@redhat.com]
Sent: 10 February 2016 08:43
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users] Re: user group mebmership
On (09/02/16 12:02), Ondrej Valousek wrote:
Hi List,
Just a strange cache-like issue. When I add user to a certain group, he does not see his
group membership updated (via 'id -a') until he closes his X session (+ all
processes terminated) and starts a fresh new one.
id $current_user should return right results IIRC.
Probably not directly related to SSSD as I can see his groups updated
in a matter of minutes.
Is there anything we could do to address this? Sometimes even starting new shell does not
help - it is bit frustrating having to start a complete new session.
Following manula page should help you.
man 1 newgrp
Small example
https://developer.fedoraproject.org/tools/vagrant/vagrant-libvirt.html#us...
LS
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.