Hi all,
I'm having an issue with my NFS mount and being able to access it from
my normal user account. The mount point is chmod'ed to 2770 with a GID
of 1100 (nfs) which is the same on both systems. I can access it if I
change my active group using newgrp, but not normally.
====================================
noir ~ # ls -lhd /home/nfs/share
drwxrws--- 8 nfs nfs 4.0K Sep 4 15:30 /home/nfs/share
rypervenche@svelte ~ $ pwd
/home/rypervenche
rypervenche@svelte ~ $ cd nfs
-su: cd: nfs: Permission denied
rypervenche@svelte ~ $ newgrp nfs
rypervenche@svelte ~ $ cd nfs
rypervenche@svelte ~/nfs $
svelte ~ # grep nfs /etc/group
nfs:x:1100:rypervenche
====================================
You can find the details of my NFS server and client here:
====================================
svelte = client
noir = server
svelte ~ # tail -1 /etc/fstab
192.168.1.100:/ /home/rypervenche/nfs nfs
rw,noauto,noexec,nodev,nosuid 0 0
noir ~ # cat /etc/exports
# /etc/exports: NFS file systems being exported. See exports(5).
/home/nfs/share 192.168.1.205(rw,sync,fsid=0,no_root_squash,no_subtree_check) 192.168.2.100(rw,sync,fsid=0,no_root_squash,no_subtree_check)
noir ~ # id nfs
uid=1100(nfs) gid=1100(nfs) groups=1100(nfs)
noir ~ # grep -v ^# /etc/conf.d/nfs | grep -v ^$
NFS_NEEDED_SERVICES="rpc.idmapd"
OPTS_RPC_NFSD="8"
OPTS_RPC_MOUNTD="-V 4 --manage-gids -p 32767"
OPTS_RPC_STATD="-p 32765 -o 32766"
OPTS_RPC_IDMAPD=""
OPTS_RPC_GSSD=""
OPTS_RPC_SVCGSSD=""
OPTS_RPC_RQUOTAD=""
EXPORTFS_TIMEOUT=30
noir ~ # iptables-save | egrep '(NFS|T -m conn)'
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.205/32 -p tcp -m tcp -m multiport --dports 111,2049,4001,32765:32767 -m conntrack --ctstate NEW -m comment --comment NFS -j ACCEPT
-A INPUT -s 192.168.1.205/32 -p udp -m udp -m multiport --dports 111,2049,4001,32765:32767 -m conntrack --ctstate NEW -m comment --comment NFS -j ACCEPT
-A INPUT -s 192.168.2.100/32 -p tcp -m tcp -m multiport --dports 111,2049,4001,32765:32767 -m conntrack --ctstate NEW -m comment --comment NFS -j ACCEPT
-A INPUT -s 192.168.2.100/32 -p udp -m udp -m multiport --dports 111,2049,4001,32765:32767 -m conntrack --ctstate NEW -m comment --comment NFS -j ACCEPT
svelte:
net-fs/nfs-utils-1.2.6 was built with the following:
USE="ipv6 nfsdcld nfsidmap nfsv4 nfsv41 tcpd -caps -kerberos (-selinux)"
noir:
net-fs/nfs-utils-1.2.6 was built with the following:
USE="ipv6 (multilib) nfsdcld nfsidmap nfsv4 nfsv41 tcpd -caps -kerberos (-selinux)" ABI_X86="64"
svelte ~ # uname -a
Linux svelte 3.10.7-gentoo-svelte #1 SMP Thu Aug 22 17:46:44 CDT 2013 i686 Intel(R) Atom(TM) CPU N450 @ 1.66GHz GenuineIntel GNU/Linux
noir ~ # uname -a
Linux noir 3.10.7-gentoo-noir #1 SMP Wed Aug 28 11:19:43 CDT 2013 x86_64 AMD Athlon(tm) II X2 260 Processor AuthenticAMD GNU/Linux
====================================
I found online that the issue is due to NFS not being able to grab
over 16 GIDs. I found help in the following two links:
https://xkyle.com/solving-the-nfs-16-group-limit-problem/
https://wiki.archlinux.org/index.php/NFS_Troubleshooting
I tried adding the --manage-gids flag to mountd (which can be seen in
the /etc/conf.d/nfs file above), however, it does not appear to
resolve the issue.
====================================
noir ~ # cat /proc/net/rpc/auth.unix.gid/content
#uid cnt: gids...
0 10: 0 1 2 3 4 6 10 11 26 27
1000 9: 10 18 19 27 78 85 100 250 1000
noir ~ # date +%s > /proc/net/rpc/auth.unix.gid/flush
noir ~ # cat /proc/net/rpc/auth.unix.gid/content
#uid cnt: gids...
Then I mount the NFS again:
noir ~ # cat /proc/net/rpc/auth.unix.gid/content
#uid cnt: gids...
0 10: 0 1 2 3 4 6 10 11 26 27
1000 9: 10 18 19 27 78 85 100 250 1000
====================================
It looks as though it is not grabbing all of my GIDs.
Does anyone have some light they can shed on this? Thanks.
On Mon, Sep 16, 2013 at 09:43:51AM -0500, Contact wrote:
> It looks as though it is not grabbing all of my GIDs.
What do you expect the list to be? Which groups is uid 1000 a member of
on the server?
--b.
Hello,
I was assuming it would grab all of my GIDs as it appears to do in the
following link:
https://xkyle.com/solving-the-nfs-16-group-limit-problem/
Just under the quote:
"Also, the NFS server will cache group lookups so it doesn’t have to
continuously make queries. The cache is visible like this:"
The GID 1000 is my primary user on both boxes (rypervenche).
If there is another way to do this (aside maybe from setting up
kerberos/ldap) I would be willing to try that.
Thank you.
On Mon, 16 Sep 2013 15:37:09 -0400
"J. Bruce Fields" <[email protected]> wrote:
> On Mon, Sep 16, 2013 at 09:43:51AM -0500, Contact wrote:
>
> What do you expect the list to be? Which groups is uid 1000 a member
> of on the server?
>
> --b.
Hello,
My apologies for not providing the information that you requested.
(client)
rypervenche@svelte ~ $ id
uid=1000(rypervenche) gid=1000(rypervenche)
groups=1000(rypervenche),4(adm),6(disk),7(lp),10(wheel),16(cron),18(audio),27(video),35(games),70(postgres),85(usb),100(users),103(vboxusers),105(wireshark),106(lpadmin),244(plugdev),246(crontab),250(portage),1100(nfs)
(server)
nfs@noir ~ $ id
uid=1100(nfs) gid=1100(nfs) groups=1100(nfs)
I expect to see GID 1100 in the output of
"cat /proc/net/rpc/auth.unix.gid/content"
My friend who is using a Mac is able to mount the NFS mount just fine
and I can use it when using "newgrp", so I believe it is configured
correctly. I would just like to be able to have GUI access without
needing to use newgrp.
Thank you.
On Mon, 16 Sep 2013 20:38:25 -0400
"J. Bruce Fields" <[email protected]> wrote:
> On Mon, Sep 16, 2013 at 07:20:24PM -0400, J. Bruce Fields wrote:
> > On Mon, Sep 16, 2013 at 05:56:12PM -0500, Contact wrote:
> > > Hello,
> > >
> > > I was assuming it would grab all of my GIDs as it appears to do
> > > in the following link:
> > > https://xkyle.com/solving-the-nfs-16-group-limit-problem/
> > >
> > > Just under the quote:
> > > "Also, the NFS server will cache group lookups so it doesn’t have
> > > to continuously make queries. The cache is visible like this:"
> > >
> > > The GID 1000 is my primary user on both boxes (rypervenche).
> > >
> > > If there is another way to do this (aside maybe from setting up
> > > kerberos/ldap) I would be willing to try that.
> >
> > Could you please answer the two questions which I asked in my
> > previous email?
>
> To make them more concrete:
>
> - if you run "id rypervenche" on the server, what is the
> output?
> - on the output from "cat /proc/net/rpc/auth.unix.gid/content"
> which you list below, which id that you expected to be
> present is not included?
>
> --b.
> > --
> > To unsubscribe from this list: send the line "unsubscribe
> > linux-nfs" in the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Sep 16, 2013 at 05:56:12PM -0500, Contact wrote:
> Hello,
>
> I was assuming it would grab all of my GIDs as it appears to do in the
> following link:
> https://xkyle.com/solving-the-nfs-16-group-limit-problem/
>
> Just under the quote:
> "Also, the NFS server will cache group lookups so it doesn’t have to
> continuously make queries. The cache is visible like this:"
>
> The GID 1000 is my primary user on both boxes (rypervenche).
>
> If there is another way to do this (aside maybe from setting up
> kerberos/ldap) I would be willing to try that.
Could you please answer the two questions which I asked in my previous
email?
--b.
On Mon, Sep 16, 2013 at 07:20:24PM -0400, J. Bruce Fields wrote:
> On Mon, Sep 16, 2013 at 05:56:12PM -0500, Contact wrote:
> > Hello,
> >
> > I was assuming it would grab all of my GIDs as it appears to do in the
> > following link:
> > https://xkyle.com/solving-the-nfs-16-group-limit-problem/
> >
> > Just under the quote:
> > "Also, the NFS server will cache group lookups so it doesn’t have to
> > continuously make queries. The cache is visible like this:"
> >
> > The GID 1000 is my primary user on both boxes (rypervenche).
> >
> > If there is another way to do this (aside maybe from setting up
> > kerberos/ldap) I would be willing to try that.
>
> Could you please answer the two questions which I asked in my previous
> email?
To make them more concrete:
- if you run "id rypervenche" on the server, what is the output?
- on the output from "cat /proc/net/rpc/auth.unix.gid/content"
which you list below, which id that you expected to be present
is not included?
--b.
THAT DID IT!
You guys are awesome! I didn't realize that they had to be the same for
the user. I thought that was independent of the user on the server's
end. So user 1000 has to have GID 1100 on both client and server. I
will remember that.
Again, thank you so much. I apologize if I made this more difficult
than it needed to be.
On Tue, 17 Sep 2013 01:59:42 +0000
"Myklebust, Trond" <[email protected]> wrote:
> > -----Original Message-----
> > From: [email protected] [mailto:linux-nfs-
> > [email protected]] On Behalf Of Contact
> > Sent: Monday, September 16, 2013 9:11 PM
> > To: J. Bruce Fields
> > Cc: [email protected]
> > Subject: Re: 16+ GID issue, mountd's --manage-gids not helping
> >
> > Hello,
> >
> > My apologies for not providing the information that you requested.
> >
> > (client)
> > rypervenche@svelte ~ $ id
> > uid=1000(rypervenche) gid=1000(rypervenche)
> > groups=1000(rypervenche),4(adm),6(disk),7(lp),10(wheel),16(cron),18(audio
> > ),27(video),35(games),70(postgres),85(usb),100(users),103(vboxusers),105(
> > wireshark),106(lpadmin),244(plugdev),246(crontab),250(portage),1100(nfs)
> >
> > (server)
> > nfs@noir ~ $ id
> > uid=1100(nfs) gid=1100(nfs) groups=1100(nfs)
>
> Does the '/etc/groups' entries for the user with uid=1000 on the
> server match those listed above for the client?
>
> --manage-gids will only work correctly if the /etc/passwd
> and /etc/groups entries on the server match those on the client.
>
> Cheers,
> Trond
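The comparison that the two questions and the final reply in this thread lead to, as an added example that is not part of any message above: with --manage-gids the server replaces the group list sent by the client with its own lookup for the uid, so the share's group must appear in the server-side list. The function names are hypothetical, and the sample inputs are constructed from the `id` and cache output quoted in the thread.

```sh
#!/bin/sh
# Added example. Sample inputs are constructed from values quoted in the thread.
# On live systems: CLIENT_ID=$(id) on the client, and
# SERVER_CACHE=$(cat /proc/net/rpc/auth.unix.gid/content) on the server.
CLIENT_ID='uid=1000(rypervenche) gid=1000(rypervenche) groups=1000(rypervenche),4(adm),6(disk),7(lp),10(wheel),16(cron),18(audio),27(video),35(games),70(postgres),85(usb),100(users),103(vboxusers),105(wireshark),106(lpadmin),244(plugdev),246(crontab),250(portage),1100(nfs)'
SERVER_CACHE='#uid cnt: gids...
0 10: 0 1 2 3 4 6 10 11 26 27
1000 9: 10 18 19 27 78 85 100 250 1000'

# Print the numeric GIDs from the groups= field of `id` output, one per line.
client_gids() {
    printf '%s\n' "$1" \
        | sed -n 's/.*groups=\([^ ]*\).*/\1/p' \
        | tr ',' '\n' \
        | sed 's/(.*//'
}

# Print the GIDs the server has cached for one uid.
# Cache line format: "<uid> <count>: <gid> <gid> ..."
server_gids() {
    printf '%s\n' "$1" \
        | awk -v uid="$2" '$1 == uid { for (i = 3; i <= NF; i++) print $i }'
}

# Succeed only if the server-side lookup for uid $2 contains gid $3.
# Under --manage-gids this list, not the client's, decides group access.
server_grants_group() {
    server_gids "$1" "$2" | grep -qx "$3"
}

# Print every GID the client holds that the server-side lookup lacks.
missing_on_server() {
    cg=$(client_gids "$1")
    sg=$(server_gids "$2" "$3")
    for g in $cg; do
        printf '%s\n' "$sg" | grep -qx "$g" || printf '%s\n' "$g"
    done
}

# Report for the thread's case: uid 1000, share group 1100.
count=$(client_gids "$CLIENT_ID" | grep -c .)
echo "client groups: $count (AUTH_SYS carries at most 16 supplementary GIDs)"
if server_grants_group "$SERVER_CACHE" 1000 1100; then
    echo "server lookup for uid 1000 includes gid 1100"
else
    echo "server lookup for uid 1000 lacks gid 1100: group access is denied"
fi
echo "client GIDs unknown to the server for uid 1000:" \
    $(missing_on_server "$CLIENT_ID" "$SERVER_CACHE" 1000)
```

Running `id -G rypervenche` on the server gives the same list that mountd feeds into the cache, so it can be checked before any client mounts the export.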