/usr/bin/usrun[38]: Permission denied when user has more than 20 groups and rule is matching on groups

  • 7004950
  • 01-Dec-2009
  • 26-Apr-2012


Novell Privileged User Manager 2.2
Novell Privileged User Manager 2.2.1


If rules are matching on groups and the submit user has more than 20 groups, the agent does not properly send any groups.


This is resolved in Novell Privileged User 2.2.1-1 (Hot Fix1) or greater.

Additional Information

Add "$<>$" to the User Message of the Matching Rule.
Adding $<>$ will output debug information at the agent console when the command is run.

In this case, the "Groups.i.items returns a -1, instead of all the groups.

<Groups i.items="-1"/>