[Nottingham] NIS groups

Alex Herington alex at fnet.nu
Tue Oct 30 11:18:08 GMT 2007 

Hi all,

I've got a problem with NIS that I'm wondering if anyone can help with.

I have a network with an Ubuntu 6.06 LTS server running NIS/NFS, and 
Ubuntu 7.04 clients. NIS seems to be working fine on a network level - I 
can ypcat things like passwd and group on the clients. The problem I 
have is that clients aren't reporting the correct secondary groups :(

For example...

On the server:
alex at server:~$ id
uid=1000(alex) gid=2000(staff) 
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),106(lpadmin),107(scanner),108(admin),2000(staff),2001(management),2002(accounts)

User alex is a member of "management" and "accounts" groups.

On the client:
alex at client:~$ id
uid=1000(alex) gid=2000(staff) 
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),112(netdev),113(lpadmin),115(powerdev),117(admin),2000(staff)

User alex doesn't appear to be in the same secondary groups, but I know 
the client box can read the group file from the NIS server..

alex at client:~$ ypcat group
accounts:x:2002:timr,jamesp,michellep,alex
staff:x:2000:
management:x:2001:timr,jamesp,alex

/etc/nsswitch.conf has the relevant entries to make sure it hits up NIS 
for entries not local...

passwd: nis files
group: nis files
shadow: nis files

And I've appended +:::::: (well, the right number of colons depending on 
the file) on the corresponding local files on the client.

Things like directory lists of NFS files with group ownership as the 
"missing" groups seems to work fine. For example:

alex at client:/home/staff$ ll
total 2
drwxrws--- 26 staff accounts 1336 2007-10-20 16:02 accounts
drwxrws--- 20 staff staff     960 2007-10-22 09:25 share

So yes, a little puzzling to me at least. The client can apparently read 
NIS users and groups, and successfully uses this info with various 
things like ls and ypcat but doesn't not for certain system related 
things like file access:

alex at client:/home/staff$ ll
total 2
drwxrws--- 26 staff accounts 1336 2007-10-20 16:02 accounts
drwxrws--- 20 staff staff     960 2007-10-22 09:25 share
alex at client:/home/staff$ cd accounts
bash: cd: accounts: Permission denied
(although I'm supposed to be a member of the accounts group)

I'm confused! Argh! Can anyone shed any light?

Regards,
Alex

More information about the Nottingham mailing list