Hi Trond,
Thanks for your information.
Best regards,
Chengen Du
On Thu, Dec 15, 2022 at 3:42 AM Trond Myklebust <trondmy@xxxxxxxxxxxxxxx> wrote:
>
>
>
> > On Dec 14, 2022, at 03:47, Chengen Du <chengen.du@xxxxxxxxxxxxx> wrote:
> >
> > The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on
> > or timeout (without delegation).
> > Adding a user to a group in the NFS server will not cause any file
> > attributes to change.
> > The client will encounter permission errors until other file attributes
> > are changed or the memory cache is dropped.
> >
> > Steps to reproduce the issue:
> > 1.[client side] testuser is not part of testgroup
> > testuser@kinetic:~$ ls -ld /mnt/private/
> > drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
> > testuser@kinetic:~$ mktemp -p /mnt/private/
> > mktemp: failed to create file via template
> > ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> > 2.[server side] add testuser into testgroup, which has access to folder
> > root@kinetic:~$ usermod -aG testgroup testuser &&
> > echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
> > 3.[client side] create a file again but still fail
> > testuser@kinetic:~$ mktemp -p /mnt/private/
> > mktemp: failed to create file via template
> > ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> >
>
> Thanks, but the correct way to deal with this is to log out and log back in again, the way the POSIX gods intended. See commit 0eb43812c027 ("NFS: Clear the file access cache upon login”).
>
> _________________________________
> Trond Myklebust
> Linux NFS client maintainer, Hammerspace
> trond.myklebust@xxxxxxxxxxxxxxx
>
