Old 09-15-2006, 07:17 PM   #1
dmonty
LQ Newbie
 
Registered: Dec 2004
Posts: 20

Rep: Reputation: 2
nis/yp client caching group info


Problem: nis/yp client is somehow caching the group info for my users.

After a user has logged in they are added to a room-group which matches the room they are in. The server does `cd /var/yp; make`. However the client system does not properly recognize that user "test" is in the updated groups. You can see this if we just type `id` but if we do `id test` then it does a lookup to show the user is actually in the `room-lab1` group.

How do I flush the new group information to the client machine?

e.g.

test@s1-6:~$ id
uid=1004(test) gid=1000(students) groups=110(camera),1000(students)

test@s1-6:~$ id test
uid=1004(test) gid=1000(students) groups=1000(students),110(camera),1012(room-lab1)

test@s1-6:~$ id
uid=1004(test) gid=1000(students) groups=110(camera),1000(students)

If the user does a logout/login then the kde environment shows the proper groups. I need to be able to change the groups even when the user is logged in.


Client/Server are both running Debian Testing.
Client is a diskless workstation.
Client is running gdm and kde.

Last edited by dmonty; 09-15-2006 at 07:18 PM.
 
Old 09-17-2006, 09:23 AM   #2
PDock
Member
 
Registered: Aug 2004
Distribution: Slack10 & curr. tried numerous
Posts: 189

Rep: Reputation: 37
Don't have an answer as to how, after a user has logged in, to make KDE reread/reset its environment variables. Maybe someone else can help with that.

However a workaround might be.

Change initdefault level on the clients to 3 [command line]

Create/add to .bashrc in user's home: sleep 4 [give server a chance to update group file on the client box after user logs in]

User then issues startx or could be part of .bashrc if you don't want the students to see command line at all.

Just a thought.
ppd
 
Old 09-17-2006, 10:33 AM   #3
dmonty
LQ Newbie
 
Registered: Dec 2004
Posts: 20

Original Poster
Rep: Reputation: 2
I found the same behaviour with ssh.

* ssh into client machine (no X or gdm).
* on server update group file that user is in and run `make -C /var/yp`
* on client `id; groups` does not reflect the changes. However if I run `su - user` or newgrp then I see the new groups, but when I exit back out to the parent shell I do not see the new groups.


ssh into client:
test@s1-6:~$ id
uid=1004(test) gid=1000(students) groups=1000(students)

test@s1-6:~$ id test
uid=1004(test) gid=1000(students) groups=1000(students),1012(room-lab1)

test@s1-6:~$ newgrp room-lab1

test@s1-6:~$ id
uid=1004(test) gid=1012(room-lab1) groups=1000(students),1012(room-lab1)

test@s1-6:~$ exit

test@s1-6:~$ id
uid=1004(test) gid=1000(students) groups=1000(students)

test@s1-6:~$ su - test

test@s1-6:~$ id test
uid=1004(test) gid=1000(students) groups=1000(students),1012(room-lab1)

test@s1-6:~$ exit

test@s1-6:~$ id
uid=1004(test) gid=1000(students) groups=1000(students)

Last edited by dmonty; 09-19-2006 at 02:27 PM.
 
Old 09-17-2006, 06:51 PM   #4
PDock
Member
 
Registered: Aug 2004
Distribution: Slack10 & curr. tried numerous
Posts: 189

Rep: Reputation: 37
Read - dash option in man newgrp may be what is needed in my workaround or appropriate gdm script/config to add 'sleep 4 newgrp -' to.

Maybe someone can pipe in here as I gave all I got!

ppd
 
Old 09-18-2006, 11:47 AM   #5
dmonty
LQ Newbie
 
Registered: Dec 2004
Posts: 20

Original Poster
Rep: Reputation: 2
Here is a note from 1991 saying that they had to re-login...
http://www.sunmanagers.org/archives/1991/0305.html

Re-login is not an acceptable solution.

It appears as if Linux sets the groups for the process at login and the child processes inherit the groups. It is not just NIS; changes to a non-NIS /etc/group file also do not update running processes.
http://www.codecomments.com/archive2...-9-602768.html

Last edited by dmonty; 09-19-2006 at 02:31 PM.
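
The difference between `id` and `id test` seen in this thread can be checked from a script. This is an added example, not part of any post above; the function names are made up for illustration, and the sample GID lists are copied from the `id` output in post #1.

```shell
#!/bin/sh
# `id -G` reports the supplementary groups stored in the calling process,
# fixed at login and inherited by children. `id -G USER` looks the user up
# in the group database (NIS, /etc/group) at the time of the call.

# Print every GID in list $2 that is absent from list $1 (space-separated).
gid_diff() {
    have=" $1 "
    out=""
    for g in $2; do
        case "$have" in
            *" $g "*) ;;                        # already present
            *) out="${out:+$out }$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Report drift for the calling process: 0 = in sync, 1 = stale, 2 = lookup error.
check_group_drift() {
    user=$(id -un) || return 2
    proc=$(id -G) || return 2                   # credentials of this process
    db=$(id -G "$user") || return 2             # current database answer
    missing=$(gid_diff "$proc" "$db")           # added to the user since login
    extra=$(gid_diff "$db" "$proc")             # removed since login, or granted by PAM
    [ -z "$missing" ] && [ -z "$extra" ] && return 0
    [ -n "$missing" ] && echo "in database, not in process: $missing"
    [ -n "$extra" ] && echo "in process, not in database: $extra"
    return 1
}

# Values from post #1: the process holds 110 1000, the database says 1000 110 1012.
gid_diff "110 1000" "1000 110 1012"
check_group_drift || true
```

A non-empty "in process, not in database" line also flags sessions that still hold a group after the user was removed from it on the server.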
 
Old 09-19-2006, 04:55 PM   #6
dmonty
LQ Newbie
 
Registered: Dec 2004
Posts: 20

Original Poster
Rep: Reputation: 2
Solution: use pam_group.so

On system startup create a /etc/security/group.conf based on hostname.

Add the following to /etc/pam.d/gdm
Code:
auth   optional   pam_group.so
This tells gdm to use the settings in /etc/security/group.conf

For our purpose we needed the students to be assigned to a group based on which computer lab they are in. The computers in each lab have a unique hostname so we use this to generate /etc/security/group.conf on bootup.
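
One way to generate the file at boot, as an added example rather than dmonty's actual script: the hostname-to-group table is an assumption (only `s1-6` and `room-lab1` appear in the thread), and the function names are hypothetical. The rule line uses pam_group's `services;ttys;users;times;groups` syntax.

```shell
#!/bin/sh
# Map a hostname to its lab group; fail for hosts that belong to no lab.
room_group_for() {
    case "$1" in
        s1-*) echo "room-lab1" ;;   # assumed: s1-N workstations sit in lab 1
        s2-*) echo "room-lab2" ;;   # hypothetical second lab
        *)    return 1 ;;
    esac
}

# Emit one pam_group rule for the gdm service, any tty, any user, all hours.
group_conf_line() {
    grp=$(room_group_for "$1") || return 1
    # Refuse names that could break the ';'-separated rule syntax.
    case "$grp" in *[!A-Za-z0-9_-]*|"") return 1 ;; esac
    printf 'gdm;*;*;Al0000-2400;%s\n' "$grp"
}

# Write the rule to $2 for host $1, replacing the file atomically.
write_group_conf() {
    host=$1
    dest=$2
    line=$(group_conf_line "$host") || {
        echo "no lab group for host $host" >&2
        return 1
    }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    printf '# generated at boot for %s\n%s\n' "$host" "$line" > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$dest"
}

# At boot, as root:
#   write_group_conf "$(hostname -s)" /etc/security/group.conf
```

Groups granted by pam_group exist only in the credentials of the login session and its children, not in the group database, so `id` shows them while `id test` does not.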
 
  

