I'm editing the top post with updates for those that already read this all but found it too boring to reply.
I still have questions about Win ACLs on 10.3, but HERE IS THE REAL ISSUE that I'm dealing with. Basically, if I add users to groups in WM, or remove users from groups, it doesn't seem to be reflected from a shell prompt in any kind of realtime. If I loop through 'id' lookups while making WM group entries, nothing changes. If I logout and in from the shell, I will see a different list, but it is rarely correct. In this case I was seeing 16 of 21 groups associated with a user. One of the groups that wasn't showing in the shell is directly associated with the inability to get into the group directory. So I tried deleting several other groups that did show in shell, logged out and in and what did I see? The three I deleted were no longer showing, and one of the 5 that were missing had appeared. (and now she can get into the directory in question...) (but not the ones I removed, doh!)
So what's going on? At first I thought it was "first sixteen groups" as a limit, but for others it might be 4, 7, or other random numbers. What is the linkage between Open Directory and the lookupd that supposedly returns this info?
Original Post --- (for reference)
We are having issues with group folders where some group members don't get access and others do. Creating new folders and new groups isn't helping for certain users. All groups for this user show in Workgroup Manager. (21) However... I set shell access for this user, SSH'd in and used the 'groups' command, and only received 16 groups back. Is there some limit on group membership, or is it a limit of the shell? Oh yes, and the id command returns the same.
Also, on the way to finding out the above, I notice in Win2K clients that if you select properties on a folder and go to Security, you see three entries. (Owner, Group, World, right?) However, the group is displayed as a user, in particular the user with a UID = to the GID of the correct group. Making me crazy. Is this a known issue?
TIA!
amcmis