Re: OT - NFS group ignored

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/26/15 22:34, Emmett Culley wrote:
> On 07/25/2015 08:31 PM, Cameron Simpson wrote:
>> On 26Jul2015 10:39, Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
>>> On 07/26/15 10:34, Cameron Simpson wrote:
>>>> On 26Jul2015 08:06, Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
>>>>> But, FWIW, I'm trying to replicate a failure here and can't.
>>>> My standard question in this situation is: how many groups is the user in on the client machine?
>>>>
>>> Well, in my non-failing case, just 2.
>>>
>>> Not heard of a limitation in that area.
>> Historically there was a 16 group protocol limit on what the client passed to the NFS server, so unless the file's group was in your first 15 secondary groups it would not be consulted for file access.
>>
>> Let's see what the OP has to deal with.
>>
>> Cheers,
>> Cameron Simpson <cs@xxxxxxxxxx>
> On the Fedora client my user is a member of ten groups, including my own. On the server my user is a member of seven groups, including my own and the web_prog group in question here.
>
> Where can I look to find if there are "still" limitations on the number of groups passed to the server?

Google returned some information.  But, being it was Sunday and I was busy I didn't spend time to digest.
>
> Anybody have a response to my question about idmapd requiring UID and/or GID numerical synchronization between client and server?
>
The UIDs and GIDs on my NFS server are the same as on my clients.  I don't do any mapping or make any changes to my idmapd.conf other than for the Domain. 

In the examples of my tests I used my wife's account.  She hasn't been a user of NFS so her UID/GID aren't the same on the server even though she has an account (some admin neglect).  You can see that the UID didn't match as it became set to "nobody".  Since the SetGID bit was set on the directory and the GID of the mount point is egreshko the file touched became GID of egreshko.  Without the SetGID bit set it became "nobody".

-- 
If I wanted a blog or social media I'd go elsewhere
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux