[Pansophy] Your Incident INC0041120 has comments added - User Group and sudo privileges

Kelvin Edwards kelvin at jlab.org
Thu Apr 29 10:38:51 EDT 2021 

Ahhh.  I juist tested the file creation from Linux and its fine.  After I made the changes yesterday, did he logout or not?  He would have needed to logout of his windows system and then back in for the updated group to be enforced.  This may be why he's still seeing files created as group acc.

As for your sudo privileges, I'm seeing the same issue with root (and sudo) access.  These files were all moved to a new file server over the weekend and there have been lingering ACL and other issues.  You will need to use /apps/bin/sudo, though, which it looks like is your default.  So, that's good.



--kelvin

________________________________
From: Valerie Bookwalter <bookwalt at jlab.org>
Sent: Thursday, April 29, 2021 10:32 AM
To: Kelvin Edwards <kelvin at jlab.org>
Cc: Center, Computer <helpdesk at jlab.org>; pansophy <pansophy at jlab.org>
Subject: RE: Your Incident INC0041120 has comments added - User Group and sudo privileges


Kelvin,



He is on Remote Desktop (working from home) into a windows system (srfsamuels).

Using MSWord he is saving files to M:\asd\www\pansophy\html\travelersit\newhtmfiles



He then would normally log into pansophydb.jlab.org to complete the traveler conversion process.

The saving from MSWord seems to be the key to the groups.



But the sudo is done directly on pansophydb.



Thanks.

Valerie



From: Kelvin Edwards <kelvin at jlab.org>
Sent: Thursday, April 29, 2021 10:28 AM
To: Valerie Bookwalter <bookwalt at jlab.org>
Cc: Center, Computer <helpdesk at jlab.org>; pansophy <pansophy at jlab.org>
Subject: Re: Your Incident INC0041120 has comments added - User Group and sudo privileges



Valerie,



Where are you in the filesystem when he is creating files and you're trying to change the group?  I'd like to see if there is anything else in play here.  His default group on dbl1 is showing as asdweb, though.



[root at dbl1 ~]# getent passwd samuels

samuels:naE2Ug3ezdUAI:10499:430:Homer Samuels:/home/samuels:/bin/tcsh

[root at dbl1 ~]# getent group 430

asdweb:*:430:bookwalt,adapps,mon,fischer,mdickey,camp,robertl,megan,anichols,joman,ashleya,samuels,anguyen,mathes,zheng





--kelvin

________________________________

From: Valerie Bookwalter <bookwalt at jlab.org<mailto:bookwalt at jlab.org>>
Sent: Thursday, April 29, 2021 10:21 AM
To: Kelvin Edwards <kelvin at jlab.org<mailto:kelvin at jlab.org>>
Cc: Center, Computer <helpdesk at jlab.org<mailto:helpdesk at jlab.org>>; pansophy <pansophy at jlab.org<mailto:pansophy at jlab.org>>
Subject: FW: Your Incident INC0041120 has comments added - User Group and sudo privileges



Kelvin,



Allen Samuels saved some files this morning and his group is still showing up as “acc”.

If you notice the dates, previously when he saved a file his group was set to “asdweb”.

I don’t understand the usage of AD, but for some reason the pansophydb server is not responding correctly.



[cid:image003.jpg at 01D73CE2.F4A24670]



For SUDO permissions, I don’t work on linux as often as before, but these are the commands I tried to run to chgrp.

Am I running the wrong sudo command? I am logged in as “bookwalt” and not “adapps”.



[cid:image004.jpg at 01D73CE2.F4A24670]



Your help with this is greatly appreciated.

Thank You.





Valerie Bookwalter

Jefferson Lab, SRF Department

Pansophy Team

1-757-813-6716 (CELL)

1-767-269-5802 (OFFICE – currently working offsite)







From: Pansophy <pansophy-bounces at mailman.jlab.org<mailto:pansophy-bounces at mailman.jlab.org>> On Behalf Of Megan McDonald
Sent: Wednesday, April 28, 2021 4:01 PM
To: pansophy <pansophy at jlab.org<mailto:pansophy at jlab.org>>
Subject: [Pansophy] Fwd: Your Incident INC0041120 has comments added - User Group and sudo privileges





Sent from my iPhone

Begin forwarded message:

From: IT Service Desk <jlab at servicenowservices.com<mailto:jlab at servicenowservices.com>>
Date: April 28, 2021 at 3:42:13 PM EDT
To: Megan McDonald <megan at jlab.org<mailto:megan at jlab.org>>
Subject: Your Incident INC0041120 has comments added - User Group and sudo privileges
Reply-To: IT Service Desk <jlab at servicenowservices.com<mailto:jlab at servicenowservices.com>>



Subject: User Group and sudo privileges

Incident: INC0041120

Comments:

________________________________

04-28-2021 03:41:08 PM EDT - Kelvin Edwards Additional comments

Ok. I've updated his primary group ID in AD to be 430. There was a difference between what was in Active Directory and what was in NIS. We've moved to using AD for authentication and IDs on Linux as well, so that may have been the issue you saw.

As for sudo permissions, it looks like your account and Valerie's was given sudo permission, but not the group account adapps. try switching to yourself (su - megan) and trying the sudo from there. Let me know if this works or if you need anything else.

________________________________

04-28-2021 03:02:59 PM EDT - Megan McDonald Additional comments

received from: megan at jlab.org<mailto:megan at jlab.org>

Please set Allen Samuels (saumels) user derfault to asdweb. He has for some reason changed back to acc.

Also, when Valerie and I tried to chgrp of the files to asdweb, our sudo privileges didn't work. We are sudo'd in as adapps.
[cid:image001.png at 01D73C3F.27769CD0]

Thanks
Megan McDonald
Office - (757) 269-7641
Cell - (757) 234-1604

You can view all the details of the incident by following the link below:

Take me to the Incident<https://urldefense.proofpoint.com/v2/url?u=https-3A__jlab.servicenowservices.com_nav-5Fto.do-3Furi-3Dincident.do-3Fsys-5Fid-3De05ff2e51bb3a8506a9e85dae54bcbf7&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=oO9OAWy24fuuhrWJKkUIDw&m=A36RY0FfbSrw1VPfWn50u-qUmAthczyRHM5IlFsEhuA&s=5f_ThqIJyOOuX4KegJIyI_l1XOQtXJeVzzozi5JK9Ng&e=>

Original Request:

Please set Allen Samuels (saumels) user derfault to asdweb. He has for some reason changed back to acc.

Also, when Valerie and I tried to chgrp of the files to asdweb, our sudo privileges didn't work. We are sudo'd in as adapps.
[cid:image001.png at 01D73C3F.27769CD0]

Thanks
Megan McDonald
Office - (757) 269-7641
Cell - (757) 234-1604





Ref:MSG0343802_WNtl64LWhhKGrrRuKWZ2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20210429/9952443c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 49597 bytes
Desc: image003.jpg
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20210429/9952443c/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 51185 bytes
Desc: image004.jpg
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20210429/9952443c/attachment-0003.jpg>

More information about the Pansophy mailing list