Hello!
Am Montag, 29. Januar 2018, 13:22:49 schrieb Wolfgang Walter:
> Hello,
>
> after upgrading our nfs-server from 4.9.75 to 4.9.78 group permissions stop
> working (for clients). If you need group permissions to access a file or
> directory, sometimes access is granted, but rather often denied. Often
> access to the same object is denied within seconds after access was granted
> in an earlier access. user permissions work fine.
>
> Downgrading to 4.9.75 fixes the issue.
>
> We use kerberos.
>
> Regards,
This seems to be fixed in 4.15 with commit
1995266727fa8143897e89b55f5d3c79aa828420:
commit 1995266727fa8143897e89b55f5d3c79aa828420
Author: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx>
Date: Mon Jan 22 20:11:06 2018 +0000
nfsd: auth: Fix gid sorting when rootsquash enabled
Commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility
group_info allocators") appears to break nfsd rootsquash in a pretty
major way.
It adds a call to groups_sort() inside the loop that copies/squashes
gids, which means the valid gids are sorted along with the following
garbage. The net result is that the highest numbered valid gids are
replaced with any lower-valued garbage gids, possibly including 0.
We should sort only once, after filling in all the gids.
Fixes: bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility
...")
Signed-off-by: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx>
Acked-by: J. Bruce Fields <bfields@xxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
So this should be applied to stables 4.4, 4.9 and 4.14 (and others where
bdcf0a423ea1 has been backported to).
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts