Monday, July 21, 2008

Inadvertent Use of Duplicate Group ID

We were trying to limit the number of regular users who could use xterm or cmdtool for security reasons. A user-defined group was created and admins/non-regulars were assigned to it. Unfortunately, the admins/non-regulars were mysteriously denied xterm/cmdtool execution, which definitely was not the desired effect. Permission denied. That feedback was a bit perplexing because the admins/non-regulars were supposeably assigned to the newly created group per niscat. After a little troubleshooting, it was discovered the newly created group ID matched an existing group’s GID in a different name service database. The GID issue was corrected and xterm worked like a champ.

No comments: