Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: pjhealy on August 30, 2024, 02:29:44 AM
-
Hi,
I've created an iBay that is accessible by a single group (GroupA). That iBay's group is GroupA. The primary users of that iBay are only members of GroupA. The iBay permissions are Write=group, Read=group. All primary users have no trouble accessing the iBay (both R/W).
However, I have one member that is primarily a member of another group (GroupB) and a secondary member of GroupA. This user cannot access the iBay at all. If I change the iBay permission to Write=group, Read=everyone, the user can see the files, but of course, cannot create/modify files.
The user in question is able to access files in iBays that are in it's primary group.
What am I doing wrong? Am I misunderstanding how the groups are supposed to work?
Thanks,
Pat
-
there are not such thing as primary and secondary group, just group.
I suggest you to check the actual rights of the files you try to access from console.
-
You might see this behavior if you added the user to GroupA using normal linux commands (useradd -g GroupA <username>) instead of using server-manager.
The normal linux command would not automatically trigger the template expansion that adjusts all of the other system components.
Take a look at the GroupA group in server-manager.
-
there are not such thing as primary and secondary group, just group.
I suggest you to check the actual rights of the files you try to access from console.
Thanks for responding. It was probably a poor choice of words - Primary/Secondary... The successful users have exist in only 1 group (GroupA). The problematic user exists in two groups, where GroupB is the first listed group and GroupA is second in their user form. The problematic user has not trouble with the GroupB iBay, but can't access GroupA's iBay.
-
You might see this behavior if you added the user to GroupA using normal linux commands (useradd -g GroupA <username>) instead of using server-manager.
The normal linux command would not automatically trigger the template expansion that adjusts all of the other system components.
Take a look at the GroupA group in server-manager.
Thanks for the quick response - Everything was created through the 'server-manager' - however, the folders were restored with a cpio command from another server.
Does this process make sense to fix it - From one of the users where they can access the iBay's folder, I'll create a regular text file and a folder. Then, I'll ssh into the server and see what ownership and permissions are for those two items. From there I should be able to change all the files to match the test file, and folders to match the test folders with chmod and chown. Does that make sense or am I going to further complicate the problem?
Thanks!
-
the folders were restored with a cpio command from another server.
Simply saving ibay properties should sort this.
-
groupe name is what you use
guid is what unix/linux uses. whenver you copy things from one machine to another even if you use the same group or user name, they might reflect different numerical uid and guid.
this. could explain your issue
bunkobugsy suggestion is a way to workaround that