Group permission not working

Please forgive me, but I am not a Unix expert. I'm supporting SAP R/3 and we are trying to run an external command from SAP to read a file at the Unix level. When we perform the more command on the following two files, we are successful in reading the bws file, but unsuccessful in reading the bws1 file.

The user running the more command is sidadm. sidadm is defined in both the sapdata and siddata group. Any idea why we cannot read the second file?

-rw-r----- 1 txfer sapdata 9 Apr 23 20:16 bws
-rw-r----- 1 txfer siddata 9 Apr 23 20:21 bws1

If we change the owner of bws1 to sidadm, we can read the file. If we change the group to sapdata, we can read the file. Is it possible for a group to have 'corrupt' data in it?

We don't have a lot of AIX members around I guess. But I'll take a shot in the dark based on general unix knowledge.

My best guess is that you're wrong in saying that user is a member of both groups. Try running the "groups" command (if AIX has one). It should display your group memberships.

Thank you for responding. I checked both groups and the user id is defined in both. The only difference I notice in the groups is that the Administrator List is defined as ROOT in the group that is NOT working, and blank in the group that is working. Do you know if this has any relevance?

I don't know what an administrator list is, so I can't comment on that.

What technique did you use to "check both groups"? Did you try the "groups" command? What happened when you ran it?

When I run the groups command on both groups I get the following message:
The specified user is not known.
Check the /etc/passwd file for all known users.

I used SMIT to view the groups. Thanks.

You don't use "groups" like that.

Sign on as the user in question.

Type "groups".

What do you see?

I know it may be different in AIX, but in Solaris you don't need to sign on as the user in question. You can just type groups username.


NAME
     groups - print group membership of user

SYNOPSIS
     groups [ user ... ]

My apologies, I was using the command incorrectly. When I perform the groups command I see the following on that user:

> groups sidam
sapdata staff siddata

Of note, when reading this file from the Unix level, I can read both files as user sidadm. It's only when trying to read it from SAP via an external command to Unix that I receive this error. The vendor believes it is a Unix problem.

What user and group id is the SAP program running?

Since the user can read the data from outside the SAP program, it leads me to believe the program is running as a different uid/gid.

To expand on Optimus_P's comment, find that program and run "ls -l" on it.

I can perform the ls -l command on both files successfully via SAP. Also, when I perform a whoami command via SAP, sidadm is returned as the user. I'm stumped.....

ls -l on the program...not the data files...

Hi,

It seems that your problem is SAP related. You have probably added that "siddata" group for sidadm user without restarting SAP?

SAP reads users' group definitions only when it's started. Any changes made after that are not effective unless you restart your SAP application.

-- Tommy

Tommy - Thanks, the recycle resolved the problem. :)
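
The cause found at the end of this thread, as an added example that is not part of any post: a running process keeps the group list it had when it started, so its credentials can lag behind the group database. The script compares the two from whatever context runs it (for instance the SAP external command); the function names are hypothetical and group names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): find group memberships that exist in
# the group database but are missing from this process's own credentials.

# missing_groups PROCESS_LIST DATABASE_LIST
# Prints the names present in DATABASE_LIST but absent from PROCESS_LIST,
# space separated, in database order. Assumes names contain no spaces.
missing_groups() {
    proc_list=$1
    db_list=$2
    out=""
    for g in $db_list; do
        case " $proc_list " in
            *" $g "*) ;;                    # the process already holds this group
            *) out="${out:+$out }$g" ;;     # in the database, not in the process
        esac
    done
    printf '%s\n' "$out"
}

# Compare the calling process with the database entry for the same user.
report_stale_groups() {
    user=$(id -un 2>/dev/null) || user=""
    # "id" with no operand reports the credentials of this process;
    # "id USER" looks the user up in the user/group database instead.
    proc=$(id -Gn 2>/dev/null) || proc=""
    db=""
    if [ -n "$user" ]; then
        db=$(id -Gn "$user" 2>/dev/null) || db=""
    fi
    missing=$(missing_groups "$proc" "$db")
    if [ -n "$missing" ]; then
        echo "stale credentials for $user: process lacks group(s): $missing"
    else
        echo "process groups match the database for ${user:-unknown user}"
    fi
}

report_stale_groups
```

A "process lacks group(s)" line means the process, or the parent it inherited from, was started before the membership was granted and has to be restarted to pick it up.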