Re: trace attached - Re: Folder in NFS-Share-Permission denied-but the user is group member

[Steffen Kolbe <kolbe@vwi.tu-dresden.de>]

@ Neil Brown: Thanks

Neil Brown wrote:

>On Monday May 8, kolbe@vwi.tu-dresden.de wrote:
>  
>
>>Hi Neil,
>>
>>I've reduced the groups massive. The test user is in 15 groups, an other 
>>test user is in 14 groups - same problem.
>>I've traced the traffic with ethereal, the captured traffic files are here:
>>
>>http://141.30.186.11/~kolbe/nfs   or    
>>http://vwitme011.vkw.tu-dresden.de/~kolbe/nfs
>>    
>>
>
>This trace shows requests coming from user with uid 10010, gid 10012 and
>Auxiliary gids: 20,21,24,25,29,30,44,46,100,110,10010,10011,10012,10014,10016,10017
>
>The accesses are for a file with uid 10021 and gid 10038 (not on this
>list).
>
>  
>
yes, the file/folder was written by user 10021 with sec. gid 10038  
(pri. gid 10012)
but the file (parent folder) is 2770, so members of gid 10038 should 
have access

the user who would access them has uid 10010 and primary gid 10012
but: the user (uid  10010) is also member of gid 10038 and should so 
have access (because 2770) - but haven't

>Maybe you need to log out and log back in again for the changes you
>made to take effect properly?
>  
>
done + restart nfs-server, same problem

>I use the 'groups' command to find out exactly what groups you are in
>at a given time.
>  
>
ooops, 'groups' shows also the system groups...

vwitme-staff dialout fax cdrom floppy audio dip video plugdev users 
scanner vwi-all vwitme-all vwitme-students vwitme-admins vwi-admins 
vwitme-projects vwitme-extern vwitme-projects-katastrophen vwi-staff 
vwitme-library vwitme-projects-lanechanging vwitme-projects-roadnetworks 
vwitme-studi vwitme-www

.....so the user is in 25 groups, hmmmmm...... but I've no real chance 
to reduce them. I think the system groups + ~30 network groups for some 
users is minimum I need.

>  
>
>>-----------------------------------------------------------
>>general question:
>>Is their a real solution to use ~50 groups with nfs? Because we've many 
>>project groups, some team leaders, many crossover memberships over some 
>>departments and .......
>>How is this solved in bigger environments?
>>    
>>
???? , any ideas ?

>>    
>>
>
>I'll be happy to answer this when you post it to the list :-)
>  
>
sorry, I've understand ;-)

>NeilBrown
>  
>
Thanks and regards
Steffen


-- 


Mit freundlichen Gruessen

Steffen Kolbe
Andreas-Schubert-Str. 23
D-01062 Dresden
------------------------------------------------------
Phone: +49/0 351 463-36750
Fax: +49/0 351 463-36809
e-mail: kolbe1@vwi.tu-dresden.de
------------------------------------------------------
Institut fuer Wirtschaft und Verkehr
Fakultaet Verkehrswissenschaften "Friedrich List"
Technische Universitaet Dresden
------------------------------------------------------ 



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs