[OpenAFS] Loosing tokens...
Cajus Pollmeier
lists@naasa.net
Mon, 4 Apr 2005 16:13:09 +0200
Am Montag, 4. April 2005 15:48 schrieb Frank Burkhardt:
Hi Frank,
thanks for the quick response!
> On Mon, Apr 04, 2005 at 01:39:33PM +0200, Cajus Pollmeier wrote:
> > Hi!
> >
> > I've a strange problem here while working localy on the machine named
> > "lama". Everytime when a friend logs in (via SSH), I'm loosing my token
> > (ID 1011) and get his token (ID 1006) instead. I've gained permissions to
> > his data in this case, while I've lost access to my own stuff. For this
> > case I left a shell open which is just used to enter an "aklog" again:
>
> What does the 'id -G' command show in
> 1. your session?
1011 33801 47627 80 999 1004 1023
> 2. your friend's ssh-session?
1006 33801 47627 1004 1023
So the ID's are different, but there are some common groups.
> _Maybe_ you restarted/started your ssh-server in your own PAG.
> Example:
>
> <wrong>
> cajus@lama:~$ su
> password:
> root@lama:~# /etc/init.d/ssh stop
> root@lama:~# /etc/init.d/ssh start
> root@lama:~# exit
> root@lama:~$
> </wrong>
>
> The ssh-deamon inherits your PAG (process authentication group). It can be
> avoided by using 'unpagsh' before running the ssh-daemon:
Sure, I've restarted ssh. Hmm. Is unpagsh replacable by pagsh? I've no unpagsh
on my system here...
Cheers,
Cajus