/usr/bin/usrun[38]: Permission denied when user has more than 20 groups and rule is matching on groups

  • 7004950
  • 01-Dec-2009
  • 26-Apr-2012

Environment

Novell Privileged User Manager 2.2
Novell Privileged User Manager 2.2.1

Situation

If a rule matches on groups and the submit user belongs to more than 20 groups, the agent does not send any of the user's groups.

Resolution

This is resolved in Novell Privileged User Manager 2.2.1-1 (Hot Fix 1) or later.

Additional Information

Troubleshooting:
Add "$<>$" to the User Message of the Matching Rule.
Adding $<>$ will output debug information at the agent console when the command is run.

In this case, "Groups.i.items" returns -1 instead of all the groups.

<Groups i.items="-1"/>
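
To find the accounts that meet the condition described under Situation, the following added example (not Novell code) counts group memberships from passwd-format and group-format files and lists every user in more than 20 groups. It assumes the primary group counts toward the total; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that belong to more than LIMIT groups.
# Assumption: the primary group counts toward the total.
LIMIT=20

# over_limit PASSWD_FILE GROUP_FILE -> prints "user count" per affected account
over_limit() {
    awk -F: -v limit="$LIMIT" '
        # passwd format: name:pw:uid:gid:... ; start each count at 1 (primary group)
        FILENAME == ARGV[1] { pgid[$1] = $4; count[$1] = 1; next }
        # group format: name:pw:gid:member,member,...
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                m = members[i]
                # skip unknown users and a user listed in their own primary group
                if ((m in pgid) && pgid[m] != $3) count[m]++
            }
        }
        END { for (u in count) if (count[u] > limit) print u, count[u] }
    ' "$1" "$2" | sort
}

# Constructed sample data: alice has 1 primary + 21 supplementary groups, bob has 3.
make_sample() {
    dir=$1
    printf '%s\n' 'alice:x:1000:100::/home/alice:/bin/sh' \
                  'bob:x:1001:100::/home/bob:/bin/sh' > "$dir/passwd"
    printf '%s\n' 'users:x:100:alice' 'ops:x:150:bob' 'dba:x:151:bob' > "$dir/group"
    i=1
    while [ "$i" -le 21 ]; do
        echo "grp$i:x:$((200 + i)):alice" >> "$dir/group"
        i=$((i + 1))
    done
}

# Demo run on the constructed data.
tmp=$(mktemp -d)
make_sample "$tmp"
over_limit "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

On a real host, save the output of `getent passwd` and `getent group` to files and pass those two paths to `over_limit`.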