Boy howdy, I'm kind of scratching my head over this.
I have a directory with 770 permissions:
inger@server$> ls -ld mydir
drwxrwx--- 2 root mygroup1 4096 May 22 05:27 mydir
I can't cd into it:
inger@server$> cd mydir
-bash: cd: mydir: Permission denied
Hmm, okay, I guess I'm not in the mygroup1 group, right? Wrong:
inger@server$> groups inger
inger: inger [a bunch of other groups] mygroup1 mygroup2 mygroup3
...confirming with getent
inger@server$> getent group mygroup1
mygroup1:*:1903:inger,[a bunch of other users]
...Maybe there's some mixup with the GID of mygroup1? Nope:
inger@server$> ls -nd mydir
drwxrwx--- 2 0 1903 4096 May 22 05:27 mydir
If I chown the group to root:mygroup2, I can get in just fine:
inger@server$> sudo -s
root@server:# chown root:mygroup2 mydir
root@server:# ls -ld mydir
drwxrwx--- 2 root mygroup2 4096 Aug 15 09:44 mydir
root@server:# exit
inger@server$> cd mydir
^^ that works
There are no special ACLs overriding normal UNIX perms:
inger@server$> getfacl mydir
# file: mydir
# owner: root
# group: mygroup1
user::rwx
group::rwx
other::---
This directory doesn't have a special NFS mount or anything - it shares a mount with other directories, none of which have this problem, but they also aren't owned by mygroup1.
So, the problem appears to be specific to this group.
This problem was discovered this morning - members of mygroup1 could get into mydir just fine yesterday.
We manage users and groups with FreeIPA, and yesterday I added some new users to the mygroup1 group. But I added users to the mygroup2 group as well, and there are no problems with that.
Anyone have any recommendations?
This is a limitation with certain NFS configurations where your group memberships after the 16th group are ignored when resolving permissions. Here is a good writeup on it.
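A quick way to check whether a directory's group falls past the 16-group limit described in the answer above (an added example, not part of the original answer). The function names and the sample GID list are constructed for illustration; only GID 1903 comes from the question. It assumes the order printed by `id -G` approximates the order the NFS client uses, so treat the reported position as indicative.

```shell
#!/bin/sh
# Added example: flag a group membership that lies beyond the
# 16-group limit described in the answer.
NFS_GROUP_LIMIT=16   # limit as stated in the answer

# group_position GID "gid gid ..." -> 1-based position in the list, 0 if absent
group_position() {
    target=$1
    pos=0
    for g in $2; do
        pos=$((pos + 1))
        if [ "$g" = "$target" ]; then
            echo "$pos"
            return 0
        fi
    done
    echo 0
}

# check_group GID "gid gid ..." -> OK / IGNORED / NOT_MEMBER
check_group() {
    pos=$(group_position "$1" "$2")
    if [ "$pos" -eq 0 ]; then
        echo "NOT_MEMBER"
    elif [ "$pos" -gt "$NFS_GROUP_LIMIT" ]; then
        # Membership exists, but would be ignored under the limit
        echo "IGNORED position=$pos"
    else
        echo "OK position=$pos"
    fi
}

# check_dir USER DIR -> runs the check against a live system
# (stat -c is the GNU coreutils form, as found on Linux)
check_dir() {
    dir_gid=$(stat -c %g "$2") || return 1
    gids=$(id -G "$1") || return 1
    check_group "$dir_gid" "$gids"
}

# Constructed sample: 18 GIDs, with 1903 (mygroup1 in the question) in 17th place
SAMPLE_GIDS="1000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 1903 1904"
```

On a live host, `check_dir inger mydir` applies the same check to the user and directory from the question.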