1

I'm using Ubuntu 16.04. When I use LightDM to login and start X, I see that my secondary groups aren't loaded (running "groups" reports that I belong only to my primary group). If I log in via console or if I su in a term in X, the groups command works normally, reporting my primary and all of my secondary groups.

Curiously, even though "groups" does not report that I'm a member of sudoers, I can still sudo. Similarly, I can run mythfrontend, even though I'm not reportedly a member of mythtv. It seems as if the OS recognizes my secondary groups, even if the groups command does not.

So, it doesn't seem to cause a real problem, but I'm curious if anyone else has seen this behavior. I have three other machines running Ubuntu 16.04, but groups works normally on each of them.

Jesse Hughes
  • 13
  • 1
    what does id show? – ivanivan Jul 11 '18 at 01:59
  • id also reports that I am a member of my primary group and no other. – Jesse Hughes Jul 11 '18 at 02:11
  • Are you saying that your user isn't in the /etc/sudoers file? Also if you reboot the system it still reports the same way? Please post your /etc/nsswitch.conf as well. Specifically we want to see the group: ... line. – slm Jul 11 '18 at 03:33
  • My user is a member of the group sudo, which has access to all commands, per the default Ubuntu sudoers file. But this problem isn't about sudo, really. To test it out, I created a new user and added him to a test group. When I logged in as that user, "groups" reported only his primary group, not the test (secondary) group. When I su'ed to the same user, his test group was listed under "groups". – Jesse Hughes Jul 11 '18 at 11:55
  • nsswitch.conf found here. – Jesse Hughes Jul 11 '18 at 11:59
  • Pardon the bad link above. Here it is: http://phiwumbda.org/~jesse/tmp/nsswitch.conf . I am new to stackexchange. – Jesse Hughes Jul 11 '18 at 12:40
  • I've got exactly the same problem here and trying hard to debug. It must have happened after a very recent apt-get dist-upgrade. Just don't get a clue why this happens. For all my shell activities, I've to do 'su - myaccount' – Roby Jul 11 '18 at 14:24
  • And I do have problem because it's not listing secondary groups. I'm having docker installed in my system, and I'm part of 'docker' group. However docker CLI doesn't work since it can't read /var/run/docker.sock. That's how I realized this problem. – Roby Jul 11 '18 at 14:29

1 Answers1

0

I've got my exact problem fixed, thanks to the defect reported here https://bugzilla.redhat.com/show_bug.cgi?id=1581495

I had errors logged into the /var/log/auth.log which made me suspect problems around this.

These Ubuntu package was updated yesterday, libpam-kwallet4:amd64 (4:5.5.5-0ubuntu1.2, 4:5.5.5-0ubuntu1.3), libpam-kwallet5:amd64 (4:5.5.5-0ubuntu1.2, 4:5.5.5-0ubuntu1.3) and this must have caused the trouble. I just commented out the following lines in /etc/pam.d/lightdm

auth    optional        pam_kwallet.so
auth    optional        pam_kwallet5.so

and a reboot saved my day

Roby
  • 136
  • I wouldn't mind understanding what those lines were supposed to do, mind you. I've a very meager understanding of pam. – Jesse Hughes Jul 11 '18 at 20:09
  • @JesseHughes - It was supposed to get my KDE wallet unlocked automatically. It doesn't happen anymore, but that's okay. It pops up a prompt for me once I log in. – Roby Jul 17 '18 at 12:46