When sewhoami -a is run for users within an OS group, the output for some users does not show the group properly. As a result, rules are applied inconsistently between members of the group.
For example, the OS group opttest is shown in the output of id for optuser. When sewhoami -a is called, it shows the group as well.
# id
uid=10206(optuser) gid=10206(opttest) groups=10206(opttest) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# sewhoami -a
optuser
ACEE Contents
User's Name : optuser
ACEE's Handle : 79
Group Connections Table:
Group Name Connection Mode
==================== =================================
opttest OS_group
Categories : <None>
Profile Group : <None>
Security Label : <None>
User's Audit Mode : Failure LoginSuccess LoginFailure
User's Security Level : 0
Source Terminal : localhost
Process Count for ACEE : 1
User's Mode : OS_user
ACEE's Creation Time : Tue Jun 7 17:36:55 2022
For optuser2, id shows the group but sewhoami -a shows the group list as <Empty>.
# id
uid=115(optuser2) gid=10206(opttest) groups=10206(opttest) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# sewhoami -a
optuser2
ACEE Contents
User's Name : optuser2
ACEE's Handle : 79
Group Connections Table:
<Empty>
Categories : <None>
Profile Group : <None>
Security Label : <None>
User's Audit Mode : Failure LoginSuccess LoginFailure
User's Security Level : 0
Source Terminal : localhost
Process Count for ACEE : 1
User's Mode : Regular
ACEE's Creation Time : Wed Jun 15 17:55:36 2022
Privileged Identity Manager 12.8 SP1
PAM Server Control 14.x
The issue occurs because opttest is an XGROUP and optuser is an XUSER, but optuser2 is a USER. A USER cannot be a member of an XGROUP; it can only be a member of a GROUP.
# selang -s -c "sxg opttest"
(localhost)
Data for XGROUP 'opttest'
-----------------------------------------------------------
Owner : nobody (USER )
Create time : 15-Jun-2022 12:32
Update time : 15-Jun-2022 12:32
Updated by : root (USER )
# selang -s -c "sxu optuser"
(localhost)
Data for XUSER 'optuser'
-----------------------------------------------------------
Owner : root (USER )
Last accessed : localhost
Last access time : 17-Jun-2022 16:06
Create time : 07-Jun-2022 17:27
Update time : 07-Jun-2022 17:27
Updated by : root (USER )
# selang -s -c "su optuser2"
(localhost)
Data for USER 'optuser2'
-----------------------------------------------------------
Audit mode : Login-Success, Failure, Login-Failure
Owner : nobody (USER )
Last accessed : localhost
Last access time : 15-Jun-2022 17:55
Create time : 15-Jun-2022 17:55
Update time : 15-Jun-2022 17:55
Updated by : root (USER )
Either the user needs to be removed and recreated as an XUSER, or the XGROUP and its corresponding XUSERs need to be removed and recreated as a GROUP and USERs.
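The check described above can be scripted against captured command output. The following is an added example, not code from the product or from the original article; the function names and the MISMATCH / NOT_FLAGGED / UNKNOWN result strings are assumptions made for illustration, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: diagnose the USER / XGROUP mismatch from captured output.

# Print the record class (USER, XUSER, GROUP, XGROUP) named in the
# "Data for <CLASS> '<name>'" header of selang output read on stdin.
record_class() {
    sed -n "s/^[[:space:]]*Data for \([A-Z]*\) '.*/\1/p" | head -n 1
}

# Succeed when sewhoami -a output on stdin has <Empty> directly under
# "Group Connections Table:".
acee_groups_empty() {
    awk '/Group Connections Table:/ { if ((getline line) > 0 && line ~ /<Empty>/) hit = 1 }
         END { exit !hit }'
}

# Compare a user class with a group class. Only the pairing the article
# rules out (USER in XGROUP) is flagged; a missing class is UNKNOWN.
check_membership() {
    case "$1:$2" in
        USER:XGROUP) echo "MISMATCH" ;;
        :*|*:)       echo "UNKNOWN" ;;
        *)           echo "NOT_FLAGGED" ;;
    esac
}

# Constructed samples, trimmed from the output shown in the article.
sample_xgroup() { printf '%s\n' "(localhost)" "Data for XGROUP 'opttest'"; }
sample_xuser()  { printf '%s\n' "(localhost)" "Data for XUSER 'optuser'"; }
sample_user()   { printf '%s\n' "(localhost)" "Data for USER 'optuser2'"; }
sample_acee()   { printf '%s\n' "User's Name : optuser2" \
                      "Group Connections Table:" "<Empty>" "Categories : <None>"; }

# Demo: classify each sample user against the sample group.
group_class=$(sample_xgroup | record_class)
for sample in sample_xuser sample_user; do
    user_class=$($sample | record_class)
    echo "$sample: $user_class in $group_class -> $(check_membership "$user_class" "$group_class")"
done
sample_acee | acee_groups_empty && echo "ACEE group table is empty"
```

On a live endpoint, pipe the real commands from this article into the same functions, for example selang -s -c "sxg opttest" | record_class.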