Server for NFS Does Not Recognize Group Membership Changes (281313)


The information in this article applies to:

  • Microsoft Windows Services for UNIX 2.0, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows NT 4.0
This article was previously published under Q281313

SYMPTOMS

Windows Services for UNIX includes a Server for NFS component. If a group membership change is implemented by the administrator, the Server for NFS component does not recognize the change immediately. This could allow a user to gain access to files to which that user no longer has rights.

For example, assume that User1 is a member of the UnixGrp1 and UnixGrp2 groups. Only members of the UnixGrp2 group are allowed access to the Test.txt file. User1 can access the file. if the administrator removes User1 from the UnixGrp2 group, User1 should no longer have access to the Test.txt file. However, Server for NFS does not immediately recognize the group membership change and allows User1 to access the Test.txt file.

CAUSE

This behavior occurs because group membership information is cached by the Server for NFS component.

RESOLUTION

To work around the problem, you can use either of the following methods after group membership has been changed:
  • Stop and restart the NFS server.
  • Stop and restart the mapping service.
NOTE: If you use the second method, the changes in group membership are recognized at the next refresh interval.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Windows NT 4.0 and Microsoft Windows 2000.
Modification Type:MajorLast Reviewed:5/13/2003
Keywords:kbbug kbenv kbnofix kbUNIXService KB281313
©2002 Microsoft Corporation. All rights reserved.