Question about NFS4 facls in combination with a GIT shared bare repo on NFSv4 share

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi everyone,
I have three short questions about NFSv4 ACLs. Both originating from problems with a shared bare GIT repository located on a NFSv4 share. 

Question 1:
==================
After creating a shared bare GIT repo on an NFSv4 share with
---------------
/nfsv4/share # git init --bare --shared=group repodir
/nfsv4/share # ls -l repodir
drwxrwsr-x  7 myuser mygroup   4096 Feb 16 14:12 repodir/
---------------
users on NFSv4 clients cannot push to this repo, but instead get the following error message: 
---------------
/local/repo # git push
...
remote: fatal: error when closing sha1 file: Permission denied
error: unpack failed: unpack-objects abnormal exit
...
---------------

An strace on the 'git push' command shows:
---------------
# strace -fF git push
[pid 3620] open("objects/0f/tmp_obj_lc5ecp", O_RDWR|O_CREAT|O_EXCL, 0444) = 3 
[pid  3620] brk(0x27ff000)              = 0x27ff000
[pid 3620] write(3, "x\1\235\316A\n\303 \20\0\300\236}\205\367BPw\325\4J\351Wt]\223\34\214\305l\350\367"..., 153) = 153 
[pid  3620] brk(0x27ef000)              = 0x27ef000
[pid  3620] brk(0x27df000)              = 0x27df000
[pid  3620] brk(0x27de000)              = 0x27de000
[pid  3620] close(3)                    = -1 EACCES (Permission denied)
---------------
where the file "objects/0f/tmp_obj_lc5ecp" is located in "/nfsv4/share/repodir/". 

What is the problem here really?


Question 2:
==================
The problem of Q1 is solved/worked around by adding the NFSv4 "write-owner - change ownership of the file/directory" (o flag) for the group "mygroup", such that: 
---------------
/nfsv4/share # nfs4_getfacl repodir
A:fdg:mygroup@mydomain:rwaDxtTnNcCoy
....
---------------
Why is this needed in addition to the already existing setgid bit?


Question 3:
==================
Note that the problem is NOT solved with this ACL:
---------------
/nfsv4/share # nfs4_getfacl repodir
A:fdg:GROUP@:rwaDxtTnNcCoy
....
/nfsv4/share # ls -l repodir
drwxrwsr-x  7 myuser mygroup   4096 Feb 16 14:12 repodir/
---------------
Why are the same access rights not working for @GROUP (and posix group "mygroup" but only when specifying mygroup@mydomain explicitly? 



Thanks for any help!

Best regards,
Joschi Brauchle

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux