Microsoft KB Archive/281313

= Server for NFS Does Not Recognize Group Membership Changes =

Article ID: 281313

Article Last Modified on 11/1/2006

-

APPLIES TO

 Microsoft Windows Services for UNIX 2.0 Standard Edition, when used with:  Microsoft Windows 2000 Standard Edition

 Microsoft Windows NT 4.0 

-



This article was previously published under Q281313



SYMPTOMS
Windows Services for UNIX includes a Server for NFS component. If a group membership change is implemented by the administrator, the Server for NFS component does not recognize the change immediately. This could allow a user to gain access to files to which that user no longer has rights.

For example, assume that User1 is a member of the UnixGrp1 and UnixGrp2 groups. Only members of the UnixGrp2 group are allowed access to the Test.txt file. User1 can access the file. if the administrator removes User1 from the UnixGrp2 group, User1 should no longer have access to the Test.txt file. However, Server for NFS does not immediately recognize the group membership change and allows User1 to access the Test.txt file.



CAUSE
This behavior occurs because group membership information is cached by the Server for NFS component.



RESOLUTION
To work around the problem, you can use either of the following methods after group membership has been changed:
 * Stop and restart the NFS server.
 * Stop and restart the mapping service.

NOTE: If you use the second method, the changes in group membership are recognized at the next refresh interval.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in Microsoft Windows NT 4.0 and Microsoft Windows 2000.

Keywords: kbbug kbenv kbnofix kbunixservice KB281313

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.