From: Joschi Brauchle <joschi.brauchle@tum.de>
To: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"Fehenberger, Tobias" <tobias.fehenberger@tum.de>,
"Stinner, Markus" <markus.stinner@tum.de>,
Tasnad Kernetzky <tasnad.kernetzky@tum.de>
Subject: Question about NFS4 facls in combination with a GIT shared bare repo on NFSv4 share
Date: Mon, 16 Feb 2015 14:48:34 +0100
Message-ID: <54E1F532.5030703@tum.de>

Hi everyone,

I have three short questions about NFSv4 ACLs. All originate from
problems with a shared bare GIT repository located on an NFSv4 share.

Question 1:
==================
After creating a shared bare GIT repo on an NFSv4 share with
---------------
/nfsv4/share # git init --bare --shared=group repodir
/nfsv4/share # ls -l repodir
drwxrwsr-x 7 myuser mygroup 4096 Feb 16 14:12 repodir/
---------------
users on NFSv4 clients cannot push to this repo, but instead get the
following error message:
---------------
/local/repo # git push
...
remote: fatal: error when closing sha1 file: Permission denied
error: unpack failed: unpack-objects abnormal exit
...
---------------
An strace on the 'git push' command shows:
---------------
# strace -fF git push
[pid 3620] open("objects/0f/tmp_obj_lc5ecp", O_RDWR|O_CREAT|O_EXCL,
0444) = 3
[pid 3620] brk(0x27ff000) = 0x27ff000
[pid 3620] write(3, "x\1\235\316A\n\303
\20\0\300\236}\205\367BPw\325\4J\351Wt]\223\34\214\305l\350\367"...,
153) = 153
[pid 3620] brk(0x27ef000) = 0x27ef000
[pid 3620] brk(0x27df000) = 0x27df000
[pid 3620] brk(0x27de000) = 0x27de000
[pid 3620] close(3) = -1 EACCES (Permission denied)
---------------
where the file "objects/0f/tmp_obj_lc5ecp" is located in
"/nfsv4/share/repodir/".
What is the problem here really?
Question 2:
==================
The problem of Q1 is solved/worked around by adding the NFSv4
"write-owner - change ownership of the file/directory" (o flag) for the
group "mygroup", such that:
---------------
/nfsv4/share # nfs4_getfacl repodir
A:fdg:mygroup@mydomain:rwaDxtTnNcCoy
....
---------------
Why is this needed in addition to the already existing setgid bit?
Question 3:
==================
Note that the problem is NOT solved with this ACL:
---------------
/nfsv4/share # nfs4_getfacl repodir
A:fdg:GROUP@:rwaDxtTnNcCoy
....
/nfsv4/share # ls -l repodir
drwxrwsr-x 7 myuser mygroup 4096 Feb 16 14:12 repodir/
---------------
Why are the same access rights not working for @GROUP (and posix group
"mygroup"), but only when specifying mygroup@mydomain explicitly?

Thanks for any help!
Best regards,
Joschi Brauchle
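
Added example, not part of the original message: a small audit of ACEs in the nfs4_getfacl format quoted in Questions 2 and 3, listing allow entries that give a group or EVERYONE@ the write-owner (o) or write-ACL (C) permission that the workaround grants. The sample ACL is constructed around the ACE from Question 2, the function names are hypothetical, and the permission letters follow nfs4_acl(5).

```python
from typing import List, NamedTuple, Tuple

# Permission letters as documented in nfs4_acl(5).
PERMS = {
    "r": "read-data", "w": "write-data", "a": "append-data", "x": "execute",
    "d": "delete", "D": "delete-child", "t": "read-attrs", "T": "write-attrs",
    "n": "read-named-attrs", "N": "write-named-attrs", "c": "read-acl",
    "C": "write-acl", "o": "write-owner", "y": "synchronize",
}
SENSITIVE = {"C", "o"}  # holder can rewrite the ACL or change ownership

class Ace(NamedTuple):
    type: str        # A allow, D deny, U audit, L alarm
    flags: str       # f/d = inheritance, g = principal is a group
    principal: str   # name@domain or OWNER@ / GROUP@ / EVERYONE@
    perms: str

def parse_ace(line: str) -> Ace:
    """Parse one 'type:flags:principal:permissions' line."""
    parts = line.strip().split(":")
    if len(parts) != 4:
        raise ValueError(f"not an ACE: {line!r}")
    ace = Ace(*parts)
    if ace.type not in {"A", "D", "U", "L"}:
        raise ValueError(f"unknown ACE type in {line!r}")
    unknown = set(ace.perms) - PERMS.keys()
    if unknown:
        raise ValueError(f"unknown permission letters {sorted(unknown)}")
    return ace

def risky_group_grants(acl_text: str) -> List[Tuple[str, List[str]]]:
    """Allow ACEs granting write-owner/write-ACL to a group or EVERYONE@."""
    findings = []
    for line in acl_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blanks and '# file:' comment lines
        ace = parse_ace(line)
        broad = "g" in ace.flags or ace.principal in ("GROUP@", "EVERYONE@")
        hits = sorted(PERMS[p] for p in set(ace.perms) & SENSITIVE)
        if ace.type == "A" and broad and hits:
            findings.append((ace.principal, hits))
    return findings

# Constructed sample ACL; only the second ACE is taken from the message.
SAMPLE = """# file: repodir
A::OWNER@:rwaDxtTnNcCoy
A:fdg:mygroup@mydomain:rwaDxtTnNcCoy
A::EVERYONE@:rxtncy
"""

if __name__ == "__main__":
    for principal, perms in risky_group_grants(SAMPLE):
        print(f"{principal}: {', '.join(perms)}")
```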