5

I am currently using Ubuntu 18.04, and my username is abcxyz (not real, changed for the matter of the question). If I look at the contents of /etc/groups, my user appears in many groups:

$ cat /etc/group | grep abcxyz
adm:x:4:syslog,abcxyz,admin
cdrom:x:24:abcxyz
sudo:x:27:abcxyz,admin
dip:x:30:abcxyz
plugdev:x:46:abcxyz
lpadmin:x:113:abcxyz,admin
abcxyz:x:1000:
sambashare:x:128:abcxyz,admin
libvirtd:x:134:abcxyz,admin
libvirt:x:134:abcxyz,admin
docker:x:1002:abcxyz

However, when I execute groups as my user, I only see:

$ groups
abcxyz

I have already logout and logged back in, restarted computer, and try modifying the group the user belongs to with usermod -a -G, but nothing seems to work.

elxordi
  • 153
  • 5
  • While you cannot see your memberships to those secondary groups, is this really causing a problem? If you are a member of a group you will be a member of that group as a secondary group; not as a primary group. – Giacomo1968 Aug 11 '18 at 15:43
  • It is: I am a member of the docker group, for example, but I cannot access the `/var/run/docker.sock` file despite having the correct user permissions. Same for files of group I belong to that have read access. – elxordi Aug 11 '18 at 16:40
  • possible answer there (that would be a bug with lightdm and kwallet): https://unix.stackexchange.com/questions/458194/missing-groups-at-each-startup/458523#458523 . might even be considered to mark it as "having a answer" if that's really the same. affects ubuntu 16 and 18 as well as a few others unrelated distributions – A.B Aug 11 '18 at 17:04
  • @A.B effectively, that seems to be the issue. After changing to gdm, the groups started appearing. Please, write it as an answer, so I can mark it as the correct one. Thanks! – elxordi Aug 12 '18 at 09:13

1 Answers1

3

It appears to be a bug, so to be considered probably fixed in a few weeks or a few months, triggered apparently only with a specific interaction between the graphical login lightdm and the PAM plugin libpam-kwallet5 and/or libpam-kwallet4. From reports seen, it appears to be at least present in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, possibly on other unrelated distributions. I'd rather put a lot of "it appears" because the actual root cause might not be well understood.

To know it's really this issue: login either on console, using su - $USER or ssh localhost would all set correctly the missing supplementary groups. Chaining several sg or newgrp with any group available in the output of id -nG $USER would also add one by one the missing groups from the configured supplementary groups list.

To work around this (I couldn't actually test it):

  • change graphical login manager. GDM is known to work correctly,

  • or disable the offending part of the KDE Wallet PAM integration in lightdm. Given the role of KDE Wallet it might possibly affect the way some stored secrets are accessible:

    Comment out any line in /etc/pam.d/lightdm having auth optional pam_kwallet.so or auth optional pam_kwallet5.so, eg as root with:

      cp -ai /etc/pam.d/lightdm /root/pam-lightdm.orig && sed -E -i 's/^(\s*auth\s+optional\s+pam_kwallet)/#\1/' /etc/pam.d/lightdm

  • or use any other login method like described above,

  • or wait enough time an update fixes the bug.

Credits where it belongs to:

https://unix.stackexchange.com/questions/458194/missing-groups-at-each-startup

Probably related:

https://unix.stackexchange.com/questions/457884/empty-user-groups-in-terminal-wrapper-applications

Other reference:

https://bugzilla.redhat.com/show_bug.cgi?id=1581495

Community
  • 1
A.B
  • 5,338
  • 1
  • 17
  • 20