2002-07-17 22:59:11

by Joel Franco Guzmán

Subject: Insane permissions problem :)

Hi,

Please, I have a tree on another machine mounted on my local
machine using NFS v3. On that server machine, one example file shared
is owned by the "intranet" group and this file has write permission for the group there.
However, I CAN'T write to it, like an ordinary user. In my local
/etc/groups file, I am in the "intranet" group and I should be able to write to
it. Both are 1007 group id (in my local machine and in the server).

# the mounted filesystem is mounted under /mnt/dirdocs. The export line in
# the server is (/etc/exports):
/usr/local/apache/virtual/intranet.netlocal.com.br/contents/infraestrutura osiris(rw,no_root_squash) thor(rw,no_root_squash) poseidon(rw,no_root_squash)

root@thor# mount
esparta:/usr/local/apache/virtual/intranet.netlocal.com.br/contents/infraestrutura
on /mnt/dirdocs type nfs (rw,addr=192.168.1.3)

#in my local machine
joel@thor:/mnt/dirdocs/documentacao/TXT$ groups
joel bin sys adm tty disk lp cdrom floppy tape sudo audio www-data
backup src video staff games nobody mysql shared admin intranet public
                                                          ^
                                                          |

joel@thor:/mnt/dirdocs/documentacao/TXT$ ls -l squid.txt
-rw-rw-r-- 1 jorge intranet 1770 2002-06-24 13:29 squid.txt
joel@thor:/mnt/dirdocs/documentacao/TXT$ touch a
touch: criando `a': Permission denied
# HERE the problem. Why?


# The parent directory is with the intranet write permission ok.
joel@thor:/mnt/dirdocs/documentacao/TXT$ ls -l ..
total 12
drwxrwsr-x 2 jorge intranet 4096 2002-06-28 17:12 HTML
drwxrwsr-x 2 jorge intranet 4096 2002-06-28 17:15 OTHER
drwxrwsr-x 2 jorge intranet 4096 2002-07-17 13:40 TXT
joel@thor:/mnt/dirdocs/documentacao/TXT$

Does anyone have any idea?

Regards.

--
Joel Franco Guzmán
Network Analyst
3WT - Wireless Web World Tech
[email protected]
tel: +55 16 3371-4343
fax: +55 16 3371-9847
cel: +55 16 9787-0478


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs


2002-07-18 09:36:04

by Trond Myklebust

Subject: Re: Insane permissions problem :)

>>>>> " " == Joel Franco Guzmán <[email protected]> writes:

> it, like an ordinary user. In my local /etc/groups file, I am in
> the "intranet" group and I should be able to write to it. Both are
> 1007 group id (in my local machine and in the server)

...but are you in the 'intranet' group on your server? If the server
believes you are not allowed to write to the file, then it will block
any attempts to do so.

Cheers,
Trond



2002-07-18 10:38:22

by NeilBrown

Subject: Re: Insane permissions problem :)

On July 18, [email protected] wrote:
> >>>>> " " == Joel Franco Guzmán <[email protected]> writes:
>
> > it, like an ordinary user. In my local /etc/groups file, I am in
> > the "intranet" group and I should be able to write to it. Both are
> > 1007 group id (in my local machine and in the server)
>
> ...but are you in the 'intranet' group on your server? If the server
> believes you are not allowed to write to the file, then it will block
> any attempts to do so.

Nah.. the server just believes the groups in the RPC credential.
The problem is that Joel is in more than 16 groups, and RPC only knows
about the first 16.

Trond: is there a good reason why the client cannot make sure the
groupid of a file is sorted first when accessing that file? It would
solve 99% of these problems in a very simple way and should (says he
who hasn't looked at the code) not be too hard to achieve.

NeilBrown

>
> Cheers,
> Trond
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf

I think it's time to get a new NFS mailing list. Should we petition
for a
[email protected]
so as to avoid these obnoxious ads?

NeilBrown

> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs



2002-07-18 12:25:51

by Trond Myklebust

Subject: Re: Insane permissions problem :)

>>>>> " " == Neil Brown <[email protected]> writes:

> Trond: is there a good reason why the client cannot make sure
> the groupid of a file is sorted first when accessing that file?
> It would solve 99% of these problems in a very simple way and
> should (says he who hasn't looked at the code) not be too hard
> to achieve.

It could be done, but doing so might break attempts to provide optimal
reordering of groups by hand. The latter is needed in order to solve
the remaining 1% of problems if, for instance, uid/gid mapping is
being used on the server.

I'm also reluctant to implement a solution that would involve giving
the NFS code intimate knowledge of the details of the RPC auth
handling. After all, the problem+solution you outline only affects
AUTH_SYS (a.k.a. AUTH_UNIX).

The workaround if one can't mess with /etc/groups in order to optimize
the user's group membership at login is to use the 'newgrp' command.




Note: I believe Frank van Maarseveen once implemented a solution in
which membership of > 16 groups would result in the RPC code
reordering the groups and then retrying requests that fail with
EACCES. I don't know if he still maintains that code, but he did claim
that it worked for his case.

Cheers,
Trond



2002-07-18 15:17:47

by Joel Franco Guzmán

Subject: Re: Insane permissions problem :)

Well.
It runs now.
The problem was effectively with the 16 limit. I just put the group
"intranet" in the front of the group file, and it runs.

Thank you.
It helped me a lot :)
[]s

On Thu, Jul 18, 2002 at 02:25:31PM +0200, Trond Myklebust wrote:
> >>>>> " " == Neil Brown <[email protected]> writes:
>
> > Trond: is there a good reason why the client cannot make sure
> > the groupid of a file is sorted first when accessing that file?
> > It would solve 99% of these problems in a very simple way and
> > should (says he who hasn't looked at the code) not be too hard
> > to achieve.
>
> It could be done, but doing so might break attempts to provide optimal
> reordering of groups by hand. The latter is needed in order to solve
> the remaining 1% of problems if, for instance, uid/gid mapping is
> being used on the server.
>
> I'm also reluctant to implement a solution that would involve giving
> the NFS code intimate knowledge of the details of the RPC auth
> handling. After all, the problem+solution you outline only affects
> AUTH_SYS (a.k.a. AUTH_UNIX).
>
> The workaround if one can't mess with /etc/groups in order to optimize
> the user's group membership at login is to use the 'newgrp' command.
>
>
>
>
> Note: I believe Frank van Maarseveen once implemented a solution in
> which membership of > 16 groups would result in the RPC code
> reordering the groups and then retrying requests that fail with
> EACCES. I don't know if he still maintains that code, but he did claim
> that it worked for his case.
>
> Cheers,
> Trond

--
Joel Franco Guzmán
Network Analyst
3WT - Wireless Web World Tech
[email protected]
tel: +55 16 3371-4343
fax: +55 16 3371-9847
cel: +55 16 9787-0478



2002-07-18 23:14:31

by Frank van Maarseveen

Subject: Re: Insane permissions problem :)

On Thu, Jul 18, 2002 at 08:34:03PM +1000, Neil Brown wrote:
>
> Nah.. the server just believes the groups in the RPC credential.
> The problem is that Joel is in more than 16 groups, and RPC only knows
> about the first 16.

Correct. A solution is to use my linux client side patch, see:

http://web.inter.nl.net/users/fvm/

--
Frank
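
Added example (not part of the original thread, and not code from the NFS client or from Frank's patch): a Python model of the AUTH_SYS credential body from RFC 5531, whose group array is declared as gids<16>, showing why creating a file in the TXT directory is refused while "intranet" (gid 1007) sits past the 16th group and allowed once it is moved to the front. Every uid and gid other than 1007 is constructed, and the server's decision is simplified to the classic owner/group/other mode test.

```python
import struct

AUTH_SYS_MAX_GIDS = 16  # RFC 5531: authsys_parms carries "gids<16>"

def xdr_string(s: bytes) -> bytes:
    """XDR string: 4-byte length, data, zero padding to a 4-byte boundary."""
    return struct.pack(">I", len(s)) + s + b"\0" * (-len(s) % 4)

def encode_authsys(stamp, machine, uid, gid, groups):
    """Client side: build the credential body; groups past the 16th are dropped."""
    sent = list(groups)[:AUTH_SYS_MAX_GIDS]
    return (struct.pack(">I", stamp) + xdr_string(machine.encode())
            + struct.pack(">III", uid, gid, len(sent))
            + struct.pack(f">{len(sent)}I", *sent))

def decode_authsys(body):
    """Server side: recover uid, gid and the group list from the credential."""
    (name_len,) = struct.unpack_from(">I", body, 4)
    off = 8 + name_len + (-name_len % 4)
    uid, gid, count = struct.unpack_from(">III", body, off)
    if count > AUTH_SYS_MAX_GIDS:
        raise ValueError("more than 16 gids in AUTH_SYS credential")
    return uid, gid, list(struct.unpack_from(f">{count}I", body, off + 12))

def server_allows_write(body, file_uid, file_gid, mode):
    """Owner/group/other check using only what the credential carries."""
    uid, gid, gids = decode_authsys(body)
    if uid == file_uid:
        return bool(mode & 0o200)
    if file_gid == gid or file_gid in gids:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

# Constructed sample: 23 supplementary groups. Only gid 1007 ("intranet")
# comes from the thread; all other uids and gids are made up.
INTRANET = 1007
others = list(range(2001, 2023))                # 22 made-up gids
late = others[:21] + [INTRANET] + others[21:]   # intranet in 22nd place
early = [INTRANET] + others                     # intranet moved to the front

def demo():
    results = {}
    for label, groups in (("late", late), ("early", early)):
        cred = encode_authsys(0, "thor", 1000, 1000, groups)
        # TXT directory from the thread: drwxrwsr-x jorge:intranet
        results[label] = server_allows_write(cred, 1001, INTRANET, 0o2775)
    return results

if __name__ == "__main__":
    print(demo())
```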

