Score:0

User cannot enter his group's directory despite the directory having the correct permissions and the user being in the proper group

I have a directory called /workspace that looks like this:

[root@machine workspace]# ls -al
total 7
drwxr-s---. 7 root workspace 4651468242 Nov 16 14:41 .
dr-xr-xr-x. 22 root root 4096 Nov 15 11:36 ..

(I left out its subdirectories. You can see that /workspace belongs to the group workspace.)

Then there's a user yang whose id is as follows:

[root@machine workspace]# id yang
uid=563(yang) gid=1701(yang) groups=1701(yang),1044(workspace)

This should allow him to enter /workspace, but in reality he can't:

[root@machine workspace]# su - yang
Last login: Mon Nov 22 10:05:41 CST 2021 on pts/46
[yang@machine ~]$ cd /workspace/
-bash: cd: /workspace/: Permission denied

However, of all the users in the group workspace, he's the only one with this problem. Other users can access /workspace just fine, for example:

[root@machine workspace]# id zhao
uid=651(zhao) gid=651(zhao) groups=651(zhao),1044(workspace)
[root@machine workspace]# su - zhao
Last login: Mon Nov 22 10:13:27 CST 2021 on pts/103
[zhao@machine ~]$ cd /workspace/
[zhao@machine workspace]$

More details here:

[yang@machine ~]$ id
uid=563(yang) gid=1701(yang) groups=1701(yang),1044(workspace) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[zhao@machine ~]$ id
uid=651(zhao) gid=651(zhao) groups=651(zhao),1044(workspace) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

The frustrating issue is encountered on both CentOS 6.9 and 7.9. Can anybody help me with it? Thanks!

Score:0

Okay, so after a colleague suggested to me that there might be an upper limit for supplementary groups, I double-checked and found with the command df -hT that /workspace is on an NFS drive, and according to RFC 5531, when using AUTH_SYS authentication, the default maximum number of group IDs is 16. I found a guide from NetApp teaching you how to change the default limit. While in practice the method should differ between different vendors, it can nevertheless give you an overall idea.

Another lesson is to never leave out anything when asking questions. As it turned out, yang belonged to more than 16 groups while most other users didn't exceed that number. I left out the other groups thinking they were too long, too obtrusive, but in the end, they turned out to be the problem.
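
A check for the condition this answer describes, as an added example that is not part of the original post: it counts the IDs that `id -G` reports for each member of a group and flags any account above the 16-ID AUTH_SYS limit. The function names and the sample GID lists are constructed for illustration (the page does not show yang's full group list), and comparing the `id -G` count against 16 is an assumption about how the client fills the credential.

```shell
#!/bin/sh
# Added example: flag accounts whose group list exceeds the AUTH_SYS
# limit of 16 group IDs (RFC 5531) cited in the answer above.
AUTH_SYS_MAX_GIDS=16

# count_gids "<space-separated gids>" -> prints how many IDs are in the list
count_gids() {
    set -- $1          # word-split the list into this function's own $@
    echo "$#"
}

# over_limit "<gids>" -> exit status 0 when the list is longer than the limit
over_limit() {
    [ "$(count_gids "$1")" -gt "$AUTH_SYS_MAX_GIDS" ]
}

# report_user <user> "<gids>" -> prints "<user> <count> OVER|ok"
report_user() {
    n=$(count_gids "$2")
    if over_limit "$2"; then
        echo "$1 $n OVER"
    else
        echo "$1 $n ok"
    fi
}

# audit_group <group> -> one report line per account listed as a member
# of <group> in the group database (needs getent and id on the host).
audit_group() {
    members=$(getent group "$1" | cut -d: -f4 | tr ',' ' ')
    for u in $members; do
        report_user "$u" "$(id -G "$u")"
    done
}

# Constructed sample data: zhao's two groups as shown in the question, and
# a 17-entry list standing in for yang (GIDs 2001-2015 are made up).
SAMPLE_ZHAO="651 1044"
SAMPLE_YANG="1701 1044 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015"

report_user zhao "$SAMPLE_ZHAO"
report_user yang "$SAMPLE_YANG"
```

On a live host, `audit_group workspace` runs the same check against every listed member of the group.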
