OT - NFS group ignored

Ed Greshko ed.greshko at greshko.com
Sun Jul 26 14:45:00 UTC 2015 

On 07/26/15 22:34, Emmett Culley wrote:
> On 07/25/2015 08:31 PM, Cameron Simpson wrote:
>> On 26Jul2015 10:39, Ed Greshko <ed.greshko at greshko.com> wrote:
>>> On 07/26/15 10:34, Cameron Simpson wrote:
>>>> On 26Jul2015 08:06, Ed Greshko <ed.greshko at greshko.com> wrote:
>>>>> But, FWIW, I'm trying to replicate a failure here and can't.
>>>> My standard question in this situation is: how many groups is the user in on the client machine?
>>>>
>>> Well, in my non-failing case, just 2.
>>>
>>> Not heard of a limitation in that area.
>> Historically there was a 16 group protocol limit on what the client passed to the NFS server, so unless the file's group was in your first 15 secondary groups it would not be consulted for file access.
>>
>> Let's see what the OP has to deal with.
>>
>> Cheers,
>> Cameron Simpson <cs at zip.com.au>
> On the Fedora client my user is a member of ten groups, including my own. On the server my user is a member of seven groups, including my own and the web_prog group in question here.
>
> Where can I look to find if there are "still" limitations on the number of groups passed to the server?

Google returned some information.  But, being it was Sunday and I was busy I didn't spend time to digest.
>
> Anybody have a response to my question about idmapd requiring UID and/or GID numerical synchronization between client and server?
>
The UIDs and GIDs on my NFS server are the same as on my clients.  I don't do any mapping or make any changes to my idmapd.conf other than for the Domain. 

In the examples of my tests I used my wife's account.  She hasn't been a user of NFS so her UID/GID aren't the same on the server even though she has an account (some admin neglect).  You can see that the UID didn't match as it became set to "nobody".  Since the SetGID bit was set on the directory and the GID of the mount point is egreshko the file touched became GID of egreshko.  Without the SetGID bit set it became "nobody".

-- 
If I wanted a blog or social media I'd go elsewhere

More information about the users mailing list