在我的一台服务器上,我的用户遇到了一个奇怪的组成员问题。使用id
或groups
不带参数时,组列表包括来自root
用户的组以及我的用户共有的组,并且root
重复,例如wheel
、、video
。allowssh
其他用户不受影响。
mick@xxx ~ $ groups
root bin daemon sys adm disk wheel wheel floppy uucp cron audio cdrom dialout tape video video xfs games cdrw apache usb vboxusers portage allowssh allowssh svn users mick
mick@xxx ~ $ id
uid=1001(mick) gid=1001(mick) groupes=1001(mick),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),14(uucp),16(cron),18(audio),19(cdrom),20(dialout),26(tape),27(video),33(xfs),35(games),80(cdrw),81(apache),85(usb),102(vboxusers),250(portage),800(allowssh),909(svn),1000(users)
使用登录运行时,列表是正确的
mick@xxx ~ $ groups mick
wheel cron audio cdrom video xfs games cdrw apache usb vboxusers portage allowssh svn users mick
mick@xxx ~ $ groups root
root bin daemon sys adm disk wheel floppy uucp dialout tape video allowssh
mick@xxx ~ $ id mick
uid=1001(mick) gid=1001(mick) groupes=1001(mick),10(wheel),16(cron),18(audio),19(cdrom),27(video),33(xfs),35(games),80(cdrw),81(apache),85(usb),102(vboxusers),250(portage),800(allowssh),909(svn),1000(users)
mick@xxx ~ $ id root
uid=0(root) gid=0(root) groupes=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),14(uucp),20(dialout),26(tape),27(video),800(allowssh)
据我所知/etc/passwd
和的内容/etc/group
也是正确的。
mick@xxx ~ $ egrep 'mick|root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/bin/bash
mick:x:1001:1001::/home/mick:/bin/bash
mick@xxx ~ $ egrep 'mick|root' /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root,adm,haldaemon
wheel:x:10:root,mick,jef,apache,xfs,anne
floppy:x:11:root,haldaemon
uucp:x:14:root
cron:x:16:cron,mick,apache
audio:x:18:famille,mick,jef,juliette,victor,anne,xfs,pulse,sddm
cdrom:x:19:famille,mick,haldaemon,jef,juliette,victor,anne,xfs
dialout:x:20:root
tape:x:26:root
video:x:27:root,famille,mick,jef,juliette,victor,anne,xfs,oracle,sddm
xfs:x:33:xfs,mick,apache
games:x:35:famille,mick,jef,juliette,victor,anne,xfs
cdrw:x:80:famille,mick,haldaemon,xfs
apache:x:81:famille,jef,mick,xfs
usb:x:85:famille,mick,haldaemon,juliette,victor,anne,xfs
vboxusers:x:102:famille,vbox,mick,jef
portage:x:250:portage,famille,mick,jef,xfs,apache
allowssh:x:800:mick,jef,root,anne,juliette,victor
svn:x:909:famille,jef,mick,tracd
users:x:1000:mick,jef,apache,juliette,victor,offlineimap,xfs,anne
mick:x:1001:mick
什么可能导致这种行为? 我该如何纠正它?
编辑
id
和之间的输出差异id mick
是因为在第一种情况下id
调用系统调用,但在另一种情况下不调用系统调用,正如我所看到的getgroups
strace
mick@xxx $ strace id
[...]
getgroups(0, NULL) = 29
getgroups(29, [0, 1, 2, 3, 4, 6, 10, 10, 11, 14, 16, 18, 19, 20, 26, 27, 27, 33, 35, 80, 81, 85, 102, 250, 800, 800, 909, 1000, 1001]) = 29
[...]
mick@xxx $ strace id mick
[...]
openat(AT_FDCWD, "/var/db/group.db", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Aucun fichier ou dossier de ce type)
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1978, ...}) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 1978
lseek(3, 0, SEEK_CUR) = 1978
[...repeated]
lseek(3, 0, SEEK_CUR) = 1978
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/var/db/group.db", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Aucun fichier ou dossier de ce type)
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1978, ...}) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 1978
lseek(3, 0, SEEK_CUR) = 1978
[...repeated]
lseek(3, 0, SEEK_CUR) = 1978
read(3, "", 4096) = 0
close(3) = 0
[...]
我还发现,只有在 KDE 会话(Konsole 或 xterm)中组列表才不正确,但在其他类型的会话(例如 TTY 或通过 SSH)中组列表是正确的。
我不明白 KDE 与用户组有什么关系!
编辑2
我仍然不知道问题的原因,但在从内核 4.14 升级到 4.19 并重新启动后它就消失了。
我快速查看了 Linux Bugzilla,但没有发现有关该getgroups
系统调用的明显相关问题。