Hello! Am Montag, 29. Januar 2018, 13:22:49 schrieb Wolfgang Walter: > Hello, > > after upgrading our nfs-server from 4.9.75 to 4.9.78 group permissions stop > working (for clients). If you need group permissions to access a file or > directory, sometimes access is granted, but rather often denied. Often > access to the same object is denied within seconds after access was granted > in an earlier access. user permissions work fine. > > Downgrading to 4.9.75 fixes the issue. > > We use kerberos. > > Regards, This seems to be fixed in 4.15 with commit 1995266727fa8143897e89b55f5d3c79aa828420: commit 1995266727fa8143897e89b55f5d3c79aa828420 Author: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx> Date: Mon Jan 22 20:11:06 2018 +0000 nfsd: auth: Fix gid sorting when rootsquash enabled Commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility group_info allocators") appears to break nfsd rootsquash in a pretty major way. It adds a call to groups_sort() inside the loop that copies/squashes gids, which means the valid gids are sorted along with the following garbage. The net result is that the highest numbered valid gids are replaced with any lower-valued garbage gids, possibly including 0. We should sort only once, after filling in all the gids. Fixes: bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility ...") Signed-off-by: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx> Acked-by: J. Bruce Fields <bfields@xxxxxxxxxx> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> So this should be applied to stables 4.4, 4.9 and 4.14 (and others where bdcf0a423ea1 has been backported to). Regards, -- Wolfgang Walter Studentenwerk München Anstalt des öffentlichen Rechts