OT - NFS group ignored

Emmett Culley lst_manage at webengineer.com
Sat Jul 25 23:38:17 UTC 2015


On 07/25/2015 02:01 PM, Ed Greshko wrote:
> On 07/26/15 03:41, Emmett Culley wrote:
>> I just noticed that when accessing an NFS mount, the group is ignored.
>>
>> For example, on the server that shares the files via NFS that lists from the NFS client as:
>>
>> $ ls -l /nfs/web
>> -rw-rw-r-- 1 root   web_prog   491 Oct 16  2012 parse.php
>>
>> $ mount
>> web:/ on /lvh1/web type nfs4 (rw,noatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.6.12,local_lock=none,addr=192.168.6.232)
>>
>>
>> A user on the client machine that is a member of group web_prog cannot write the file (parse.php).  If the user is changed from root to the client user's UID via chown on the server, the user on the client machine can then write the file.
>>
>> The server is on CentOS 7 and the client is on Fedora 21.  If I do the same test from a CentOS 7 or CentOS 6 machine client, it works as expected.  That is, the group permissions are honoured by the NFS client on those non-Fedora machines.
>>
>> So, I figure there is something wrong with my Fedora NFS configuration.  Nothing shows up that is related to this issue when searching the Internet.
>>
>> What I have tried:
>>
>> Ensured that Domain in /etc/idmapd.conf is the same on both client and server.  Though the fact that the user ID is honoured would indicate that is correct.
>>
>> Ensured that the numerical user ID and group ID match on both client and server, even though until now I always assumed that idmapd did not require the numerical IDs to match with NFS4.
>>
>> Any help would be appreciated.
> What is the output of "ls -l /nfs/we" after you have performed the mount?
> 
> Remember, the UID/GID are held in the file system itself.  Before you mount, it will be the UID/GID of the mount point and after you mount it will be the UID/GID held by the newly mounted file system.
> 
> 
The results of ls -l on a file in the NFS share are provided above (from the client machine).

The results of ls -ld (from the client machine) are:

drwxrwsr-x 12 root web_prog 4096 Jul 25 13:28 /nsf/web

My Fedora user is definitely a member of the web_prog group and both the client and the server have the same numeric GID for that group.

I don't know if this is something new as I recently moved some files to a new server (CentOS 6 to CentOS 7), and previous to the move my Fedora user owned those files on the old server.  And I only just now discovered this issue.  

I also reinstalled Fedora 21 from scratch after attempting to try Fedora 22, and finding Fedora 22 not ready for prime time.  Which further makes me suspect a configuration issue.

BTW, am I wrong that idmapd should not require synchronized UIDs and GIDs between client and server, at least for NFS4?

Emmett




