does 'group dev' have the same id on two VMss? do the the VMs use the same 'ceph auth name' to mount cephfs? On Wed, Nov 6, 2019 at 4:12 PM Alex Litvak <alexander.v.litvak@xxxxxxxxx> wrote: > > Plot thickens. > > I create a new user sam2 and group sam2 both uid and gid = 1501. User sam2 is a member of group dev. When I switch to user sam2 I get permission deny when writing to > rwxrwxr-x dev dev /webcluster/data > > However I can write to > rwxrwxr-x dev dev /webcluster/data/examples > > It makes no sense. Old users from the group dev (created and connected) long time ago can write into data dir and new ones cannot. > > On 11/5/2019 3:07 PM, Alex Litvak wrote: > > Hello Cephers, > > > > > > I am trying to understand how uid and gid are handled on the shared cephfs mount. I am using 14.2.2 and cephfs kernel based client. > > I have 2 client vms with following uid gid > > > > vm1 user dev (uid=500) group dev (gid=500) > > vm2 user dev (uid=500) group dev (gid=500) > > > > > > vm1 user tomcat (uid=996) group tomcat (gid=995) > > vm2 user tomcat (uid=990) group tomcat (gid=990) > > > > > > on both machines user tomcat is added to a group dev. > > > > > > Directory /webcluster/data is a kernel cephfs mount and has permissions visible on both clients as > > > > rwxrwxr-x dev dev /webcluster/data > > > > also > > > > rwxr-xr-x root root /webcluster > > > > So it is my understanding that on both vms I should be able to successfully run > > > > touch /webcluster/data/foo as user tomcat. > > > > However, on vm2 I get permission denied when I attempt to write a file in /webcluster/data. > > When I change uid and gid of tomcat on vm2 to match those on vm1, then I successfully can write into /webcluster/data. > > > > As on both machines user tomcat is a member of group dev and group dev is allowed to write in the directory, why do the uids of the group members need to match across network? > > > > > > I tried research it on my own and failed to find a good explanation. > > > > > > Thank you for your help, > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |