We have existing NFS servers based on Debian Bookworm that run nfs-kernel-server 1.3.4. We have recently stood up some Debian Bullseye fileservers, which come with 2.6.2. Apparently, there are some big differences in how users' group memberships are handled between the two. For example, on the client machine, my UID is 1000. I am in groups 0, 106, 181, and 1000. On the server, my UID is 1000, and I am in groups 0, 27, 106, and 1000. With the 1.3.4 server, the client's set of groups is used. I can "chgrp 181 x" but not "chgrp 27 x." $ touch x $ ls -ln x -rw-rw-r-- 1 1000 1000 0 Aug 30 05:47 x $ chgrp 181 x $ ls -ln x -rw-rw-r-- 1 1000 181 0 Aug 30 05:47 x $ chgrp 27 x chgrp: you are not a member of group 27 $ ls -ln x -rw-rw-r-- 1 1000 181 0 Aug 30 05:47 x $ rm x >From the same client, with the 2.6.2 server, the server's groups are used. I can "chgrp 27 x" but not "chgrp 181 x." $ touch x $ ls -ln x -rw-rw-r-- 1 1000 1000 0 Aug 30 05:50 x $ chgrp 181 x chgrp: x: Operation not permitted $ ls -ln x -rw-rw-r-- 1 1000 1000 0 Aug 30 05:50 x $ chgrp 27 x $ ls -ln x -rw-rw-r-- 1 1000 27 0 Aug 30 05:50 x $ rm x This change in behavior was quite startling! We are using sec=sys, and this change in behavior happens with both NFSv3 and NFSv4.2 clients, so it doesn't seem to be related to ID mapping. In this case, it's not possible to synchronize users and groups between the clients and servers, because Docker is involved and the stuff that happens with uids and gids inside docker is chaos. I can control the NFS server configuration. I have minimal control over what happens inside those containers on the client machines. Is there any way for me to get the old behavior from the new server short of downgrading? My attempts to Google for more information about this have been utterly fruitless. Thanks for any advice!
