Login or Register to Ask a Question and Join Our Community


AIX

AIX not following permission rules on group

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX AIX not following permission rules on group
# 1  
Old 03-05-2014
Bug [Solved] AIX not following permission rules on group
Has anyone ever encountered this? It's one of those it was working Monday but not today issues.

We have an account pcadmin in the group utl, its supposed to read the files in utl. No issues on Monday, but today pcadmin can't read anything owned by utl. Below you can see it still has the group and the group ownership of the files. My instinct is reboot the host, but its prod and the request will take awhile to get approved. Any other thoughts?

Code:
$ id pcadmin
uid=30101(pcadmin) gid=10051(pcadmin) groups=1(staff),10000(infra),31008(pc_pdc),31007(pc_frm),10012(omg),10003(bpr),
31019(embsft),10068(pcdev),31005(cqsadm),10303(sfubpr),10067(bpftpg),
10139(cqs),10041(act),10011(bil),10014(ccr),30125(utl)
$ groups pcadmin
pcadmin : pcadmin staff infra pc_pdc pc_frm omg bpr embsft pcdev cqsadm sfubpr bpftpg cqs act bil ccr utl
$ ls -ltr
total 8
-rw-rw----    1 prutl    utl             632 Mar 05 21:43 CST_END_TO_END_PF.txt
-rw-rw----    1 prutl    utl              15 Mar 05 22:45 test
-rw-rw----    1 prutl    utl              12 Mar 05 22:48 jeremy.txt
$ cat jeremy.txt
cat: 0652-050 Cannot open jeremy.txt.
$ uptime
  10:50PM   up 83 days,  16:31,  9 users,  load average: 2.61, 3.33, 4.02

# 2  
Old 03-06-2014
Could you run below on the mount point of that FS where those files reside?

Code:
ls -ld /mount_point

Then unmount that FS (is it's possible) and do the same?
# 3  
Old 03-06-2014
it happens sometimes.. when you have a lot of groups and you are concerned by the last ones in the list... To tell you more I would need to know a bit more about your OS (oslevel...) and what you have not said here or I cant see it: What are the perms on that current directory and have they changed?
The case I have quite similar is happening on a FS that is imported from a NAS... where our AD have put ACLs..., I wonder if its because og the group sticky bit the WIN stuff cant manage and so the arctefact.. Workaround since you are in the group:
Code:
 newgrp utl

...
But it would be interesting to know why it worked and no more today... but wee need the directory perms...
# 4  
Old 03-06-2014
As phobus asked what is the permission on the main directory, it might be someone changed the permissions on it.

running newgrp <groupname> will change the existing secondary group to primary group (of that user). So be aware of this before you execute the command.
# 5  
Old 03-06-2014
My guess is that on Monday the user was in 16 groups and someone added a 17th group since then. NGROUPS_MAX is often set to 16. Even if it is increased, NFS only supports 16 groups. Is the file system NFS mounted?
This User Gave Thanks to Perderabo For This Post:
J-Man
# 6  
Old 03-06-2014
Thanks for all the great input everyone. Here is some more background data,

The folder permissions are,
Code:
$ ls -ld /bp_data/frm/pr/ParamFiles/PFMBT
drwxrwsr-x    2 pcadmin  utl            4096 Mar 06 03:19 /bp_data/frm/pr/ParamFiles/PFMBT

And you are correct in guessing it is a NFS mount.
$ df -g /bp_data/frm/pr/ParamFiles/PFMBT
Code:
Filesystem    GB blocks      Free %Used    Iused %Iused Mounted on
np00002:/vol/BP_CACHE_PR/PR_DATA    896.25    438.50   52%    94591     1% /bp_data

/bp_data:
        dev             = "/vol/BP_CACHE_PR/PR_DATA"
        vfs             = nfs
        nodename        = np00002
        mount           = true
        options         = rw,bg,hard,intr,rsize=32768,wsize=32768
        account         = false

The OS level is 6.1
$ uname -a
AIX ####### 1 6 00F61FD34C00

The Id pcadmin has 17 groups if you count the primary group. 1+16, I will remove the staff group and see if the issue resolves.
# 7  
Old 03-06-2014
Quote:
Originally Posted by J-Man
And you are correct in guessing it is a NFS mount.
I think we are making progress. What is the content (regarding this filesystem) of the file /etc/exports on the system exporting the share?

To be sure the loaded NFS configuration is what the file says issue a

Code:
exportfs -va

as root on the exporting system. This re-exports all shares putting the current content of /etc/exports into effect (if it wasn't already). Check the effect with the command (as root)

Code:
showmount -e

I hope this helps.

bakunin
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to create a Group with rwx permission?

I want to create a GROUP with rwx permission. Also, I want to create a GROUP with root privileges, so that next time i create a user, I just need to add it to any of the groups and privileges automatically applied. please help. Thanks, Shouvanik (4 Replies)
Discussion started by: shouvanik
4 Replies

2. Solaris

Solaris group ID permission drwxrwS--x

why is the group id in capital S and not lowercase s ? I have a directory with the following permissions: drwxrws--x when I remove the group id and add it again with g+s or chmod 2765 , it displays the group ID in capital "S" instead of lowercase "s" tried to find this out on Google, but... (2 Replies)
Discussion started by: misterx12345
2 Replies

3. Solaris

Can't sudo Using Group Permission

All: I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...). The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated... (3 Replies)
Discussion started by: rjlohman
3 Replies

4. UNIX for Dummies Questions & Answers

Need to remove Group write permission .

How would i write a command that can find all the objects under the etc directory that have group write permission enabled and have not been accessed in the last X days. This is what i got from internet souce but i m not able to modify it according to my distribution. find /etc -perm... (1 Reply)
Discussion started by: pinga123
1 Replies

5. Shell Programming and Scripting

Find all files with group read OR group write OR user write permission

I need to find all the files that have group Read or Write permission or files that have user write permission. This is what I have so far: find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}' It shows me all files where group read = true, group write = true... (5 Replies)
Discussion started by: shunter63
5 Replies

6. UNIX for Dummies Questions & Answers

Inherit Group File Permission

In our file system, the SGID for a directory is set right now. Any new files created in this directory will automatically be assigned the same group from the parent directory. Is there a way to inherit the file permission from the parent directory as well? The OS is Solaris 2.8. Example:... (1 Reply)
Discussion started by: april
1 Replies

7. UNIX for Dummies Questions & Answers

how to add permission of directory to a group

Hi, A simple and silly question on Unix. I have a directory named "a" and I would like to grant permission to group name "text" to access, read and execute my directory. Could anyone help me? Thanks. (2 Replies)
Discussion started by: ahjiefreak
2 Replies

8. Shell Programming and Scripting

permission, owner and group

hello I search a script (ksh for Aix 5.3) to save all permissions, groups and owner for all files. Because we work much to change it, and a mystake ......! So i want execute this script to save/ execute permissions for all files. If you have this script, thank you for your help ;) best... (2 Replies)
Discussion started by: pascalbout
2 Replies

9. UNIX for Dummies Questions & Answers

group permission

I have an executable that had permissions set to 700. I changed this to 770 and added a user to the group in an attempt to allow that userds to run the file. Obviously this didnt work or I wouldnt be here. Do I need to cause the group file to be re-read and if so how, or am I misunderstanding... (6 Replies)
Discussion started by: thumper
6 Replies

10. AIX

Group permission not working

Please forgive me, but I am not a Unix expert. I'm supporting SAP r/3 and we are trying to run an external command from SAP to read a file at the unix level. When we perform the more command on the following two files, we are succesful in reading the bws file, but unsucessful in reading the bws1... (13 Replies)
Discussion started by: bbauerle
13 Replies
Login or Register to Ask a Question