Return-Path: linux-nfs-owner@vger.kernel.org
Received: from fieldses.org ([174.143.236.118]:48795 "EHLO fieldses.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751602Ab3IQAi2 (ORCPT );
        Mon, 16 Sep 2013 20:38:28 -0400
Date: Mon, 16 Sep 2013 20:38:25 -0400
From: "J. Bruce Fields"
To: Contact
Cc: linux-nfs@vger.kernel.org
Subject: Re: 16+ GID issue, mountd's --manage-gids not helping
Message-ID: <20130917003825.GD25308@fieldses.org>
References: <20130916094351.263d433d@svelte.ryper.org>
        <20130916193709.GA25308@fieldses.org>
        <20130916175612.012d7301@svelte.ryper.org>
        <20130916232024.GC25308@fieldses.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
In-Reply-To: <20130916232024.GC25308@fieldses.org>
Sender: linux-nfs-owner@vger.kernel.org
List-ID:

On Mon, Sep 16, 2013 at 07:20:24PM -0400, J. Bruce Fields wrote:
> On Mon, Sep 16, 2013 at 05:56:12PM -0500, Contact wrote:
> > Hello,
> >
> > I was assuming it would grab all of my GIDs as it appears to do in the
> > following link:
> > https://xkyle.com/solving-the-nfs-16-group-limit-problem/
> >
> > Just under the quote:
> > "Also, the NFS server will cache group lookups so it doesn’t have to
> > continuously make queries. The cache is visible like this:"
> >
> > The GID 1000 is my primary user on both boxes (rypervenche).
> >
> > If there is another way to do this (aside maybe from setting up
> > kerberos/ldap) I would be willing to try that.
>
> Could you please answer the two questions which I asked in my previous
> email?

To make them more concrete:

        - if you run "id rypervenche" on the server, what is the output?
        - on the output from "cat /proc/net/rpc/auth.unix.gid/content"
          which you list below, which id that you expected to be present
          is not included?

--b.

>
> --b.
>
> >
> > Thank you.
> >
> >
> > On Mon, 16 Sep 2013 15:37:09 -0400
> > "J. Bruce Fields" wrote:
> >
> > > On Mon, Sep 16, 2013 at 09:43:51AM -0500, Contact wrote:
> > > > Hi all,
> > > >
> > > > I'm having an issue with my NFS mount and being able to access it
> > > > from my normal user account. The mount point is chmod'ed to 2770
> > > > with a GID of 1100 (nfs) which is the same on both systems. I can
> > > > access it if I change my active group using newgrp, but not
> > > > normally.
> > > >
> > > > ====================================
> > > > noir ~ # ls -lhd /home/nfs/share
> > > > drwxrws--- 8 nfs nfs 4.0K Sep 4 15:30 /home/nfs/share
> > > >
> > > > rypervenche@svelte ~ $ pwd
> > > > /home/rypervenche
> > > > rypervenche@svelte ~ $ cd nfs
> > > > -su: cd: nfs: Permission denied
> > > > rypervenche@svelte ~ $ newgrp nfs
> > > > rypervenche@svelte ~ $ cd nfs
> > > > rypervenche@svelte ~/nfs $
> > > >
> > > > svelte ~ # grep nfs /etc/group
> > > > nfs:x:1100:rypervenche
> > > > ====================================
> > > >
> > > > You can find the details of my NFS server and client here:
> > > >
> > > > ====================================
> > > > svelte = client
> > > > noir = server
> > > >
> > > > svelte ~ # tail -1 /etc/fstab
> > > > 192.168.1.100:/ /home/rypervenche/nfs nfs
> > > > rw,noauto,noexec,nodev,nosuid 0 0
> > > >
> > > > noir ~ # cat /etc/exports
> > > > # /etc/exports: NFS file systems being exported. See exports(5).
> > > > /home/nfs/share
> > > > 192.168.1.205(rw,sync,fsid=0,no_root_squash,no_subtree_check)
> > > > 192.168.2.100(rw,sync,fsid=0,no_root_squash,no_subtree_check)
> > > >
> > > > noir ~ # id nfs
> > > > uid=1100(nfs) gid=1100(nfs) groups=1100(nfs)
> > > >
> > > > noir ~ # grep -v ^# /etc/conf.d/nfs | grep -v ^$
> > > > NFS_NEEDED_SERVICES="rpc.idmapd"
> > > > OPTS_RPC_NFSD="8"
> > > > OPTS_RPC_MOUNTD="-V 4 --manage-gids -p 32767"
> > > > OPTS_RPC_STATD="-p 32765 -o 32766"
> > > > OPTS_RPC_IDMAPD=""
> > > > OPTS_RPC_GSSD=""
> > > > OPTS_RPC_SVCGSSD=""
> > > > OPTS_RPC_RQUOTAD=""
> > > > EXPORTFS_TIMEOUT=30
> > > >
> > > > noir ~ # iptables-save | egrep '(NFS|T -m conn)'
> > > > -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> > > > -A INPUT -s 192.168.1.205/32 -p tcp -m tcp -m multiport --dports
> > > > 111,2049,4001,32765:32767 -m conntrack --ctstate NEW -m comment
> > > > --comment NFS -j ACCEPT -A INPUT -s 192.168.1.205/32 -p udp -m udp
> > > > -m multiport --dports 111,2049,4001,32765:32767 -m conntrack
> > > > --ctstate NEW -m comment --comment NFS -j ACCEPT -A INPUT -s
> > > > 192.168.2.100/32 -p tcp -m tcp -m multiport --dports
> > > > 111,2049,4001,32765:32767 -m conntrack --ctstate NEW -m comment
> > > > --comment NFS -j ACCEPT -A INPUT -s 192.168.2.100/32 -p udp -m udp
> > > > -m multiport --dports 111,2049,4001,32765:32767 -m conntrack
> > > > --ctstate NEW -m comment --comment NFS -j ACCEPT
> > > >
> > > > svelte:
> > > > net-fs/nfs-utils-1.2.6 was built with the following:
> > > > USE="ipv6 nfsdcld nfsidmap nfsv4 nfsv41 tcpd -caps -kerberos
> > > > (-selinux)"
> > > >
> > > > noir:
> > > > net-fs/nfs-utils-1.2.6 was built with the following:
> > > > USE="ipv6 (multilib) nfsdcld nfsidmap nfsv4 nfsv41 tcpd -caps
> > > > -kerberos (-selinux)" ABI_X86="64"
> > > >
> > > > svelte ~ # uname -a
> > > > Linux svelte 3.10.7-gentoo-svelte #1 SMP Thu Aug 22 17:46:44 CDT
> > > > 2013 i686 Intel(R) Atom(TM) CPU N450 @ 1.66GHz GenuineIntel
> > > > GNU/Linux
> > > >
> > > > noir ~ # uname -a
> > > > Linux noir 3.10.7-gentoo-noir #1 SMP Wed Aug 28 11:19:43 CDT 2013
> > > > x86_64 AMD Athlon(tm) II X2 260 Processor AuthenticAMD GNU/Linux
> > > > ====================================
> > > >
> > > >
> > > > I found online that the issue is due to NFS not being able to grab
> > > > over 16 GIDs. I found help in the following two links:
> > > >
> > > > https://xkyle.com/solving-the-nfs-16-group-limit-problem/
> > > > https://wiki.archlinux.org/index.php/NFS_Troubleshooting
> > > >
> > > > I tried adding the --manage-gids flag to mountd (which can be seen
> > > > in the /etc/conf.d/nfs file above), however, it does not appear to
> > > > resolve the issue.
> > > >
> > > > ====================================
> > > > noir ~ #
> > > > cat /proc/net/rpc/auth.unix.gid/content #uid cnt: gids...
> > > > 0 10: 0 1 2 3 4 6 10 11 26 27
> > > > 1000 9: 10 18 19 27 78 85 100 250 1000
> > > >
> > > > noir ~ # date +%s > /proc/net/rpc/auth.unix.gid/flush
> > > >
> > > > noir ~ #
> > > > cat /proc/net/rpc/auth.unix.gid/content #uid cnt: gids...
> > > >
> > > > Then I mount the NFS again:
> > > >
> > > > noir ~ # cat /proc/net/rpc/auth.unix.gid/content
> > > > #uid cnt: gids...
> > > > 0 10: 0 1 2 3 4 6 10 11 26 27
> > > > 1000 9: 10 18 19 27 78 85 100 250 1000
> > > > ====================================
> > > >
> > > > It looks as though it is not grabbing all of my GIDs.
> > >
> > > What do you expect the list to be? Which groups is uid 1000 a member
> > > of on the server?
> > >
> > > --b.
> >
> > --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
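
The comparison asked for in the reply above, as an added example that is not part of the original message or of nfs-utils: it parses the `auth.unix.gid` cache format shown in the thread and reports which expected gids are absent for a uid. With `--manage-gids`, rpc.mountd replaces the client-supplied group list with one looked up on the server, so this cache is what access checks use. The function names and the expected list `1000 1100` are assumptions chosen for illustration; the cache lines are copied from the thread.

```shell
#!/bin/sh
# Added example: which gids that you expect for a uid are missing from the
# NFS server's auth.unix.gid cache? Run on the server (noir in the thread).

CACHE=/proc/net/rpc/auth.unix.gid/content

# Print the gids cached for uid $1, one per line, from cache file $2.
# Line format, as shown in the thread: "<uid> <cnt>: <gid> <gid> ..."
cached_gids() {
    awk -v uid="$1" '
        /^#/ { next }                                   # "#uid cnt: gids..." header
        $1 == uid { for (i = 3; i <= NF; i++) print $i } # $2 is the "<cnt>:" field
    ' "${2:-$CACHE}"
}

# Print each gid from the space-separated list $2 that is NOT cached for uid $1.
# On a live server the list would come from e.g.: id -G rypervenche
missing_gids() {
    uid=$1; expected=$2; file=${3:-$CACHE}
    have=" $(cached_gids "$uid" "$file" | tr '\n' ' ')"  # " 10 18 ... 1000 "
    missing=""
    for gid in $expected; do
        case "$have" in
            *" $gid "*) ;;                 # whole-number match, so 100 != 1000
            *) missing="$missing $gid" ;;
        esac
    done
    echo "${missing# }"
}

# Cache content copied from the thread, used here instead of the live /proc file.
sample_cache() {
    cat <<'EOF'
#uid cnt: gids...
0 10: 0 1 2 3 4 6 10 11 26 27
1000 9: 10 18 19 27 78 85 100 250 1000
EOF
}

# Demo: uid 1000's primary gid (1000) and the nfs group gid (1100) from the thread.
tmp=$(mktemp)
sample_cache > "$tmp"
echo "cached for uid 1000: $(cached_gids 1000 "$tmp" | tr '\n' ' ')"
echo "missing for uid 1000: $(missing_gids 1000 "1000 1100" "$tmp")"
rm -f "$tmp"
```

A uid with no cache entry reports every expected gid as missing, which is also what the cache looks like right after writing to `auth.unix.gid/flush`.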