From: Raimund Eimann <raimund-47KOqKphs/PNLxjTenLetw@public.gmane.org>
To: <linux-nfs@vger.kernel.org>
Subject: Please help: half working NFS / weird permissions issue
Date: Thu, 17 Jun 2010 07:28:44 +0200 [thread overview]
Message-ID: <d5417bd9b9142da098b1c0df06b7a294@localhost> (raw)
Hi,
I've been using NFS on SuSE/openSuSE Linux for 10 years now and know that
UID/GID must match the server to have the same permissions on the NFS
client box.
I've exported ~10 directories on the server. When the client box still ran
openSuSE 11.2, everything was ok.
Recently, I installed the client with Ubuntu 10.04 64 bit, and now NFS is
partly broken, without making any changes to the server:
* I'm running openLDAP to distribute user information, so UIDs and GIDs
are identical on both the client and the server.
* for certain groups, I get permission problems, for others everything is
fine:
* I have a openLDAP-provided group bbusers which all users belong to.
Home dir perms are <username>:bbusers with either 750 of even 700
permissions on most subdirectoies. No problems here.
* I have another groups provided by openLDAP called bbpcit_p and
bbpict_r and some directories that uses these groups on an NFS export
mounted on the client:
raimund@nfsclient:/nfs/p$ l -d Garten Scans
drwxr-x--- 3 root bbpict_p 36864 2009-09-13 18:46 Garten/
drwxr-x--- 9 root bbpict_r 4096 2008-12-04 21:36 Scans/
Numeric UIDs/GIDs here:
raimund@jupiter:/nfs/p$ l -dn Garten Scans
drwxr-x--- 3 0 1017 36864 2009-09-13 18:46 Garten/
drwxr-x--- 9 0 1007 4096 2008-12-04 21:36 Scans/
I can "cd Scans" without problems, but I can't "cd Garten", I get
"permission denied" If I try the latter. I am a member of both groups:
raimund@jupiter:/nfs/p$ id | tr "," "\n" |grep bbpict_
1007(bbpict_r)
1017(bbpict_p)
* I am sure this is an NFS problem, because when I create directories
with the same permissions/groups an a local filesystem, everything works
just fine. When I SSH into the server I can enter the directories just fine
as well.
* If I do a "sg bbict_p", my default group changes from bbusers
(GID=1000) to bbpict_p. After this procedure I can "cd Garten".
* Could it be that the NFS-client somehow ignores higher GIDs? Groups
with GIDs>=1012 seem to suffer from this problem more often, but I haven't
tested them all. Which config file might contain restrictions like this?
I am pretty much out of ideas on this problem. I would *greatly*
appreciate hints on how to solve it. Please, NFS-experts, enlighten me!
Cheers,
Raimund
next reply other threads:[~2010-06-17 5:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-17 5:28 Raimund Eimann [this message]
2010-06-18 13:31 ` Please help: half working NFS / weird permissions issue Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5417bd9b9142da098b1c0df06b7a294@localhost \
--to=raimund-47koqkphs/pnlxjtenletw@public.gmane.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.