From: Neal Lippman Subject: nfs permissions / access problem Date: Tue, 13 Aug 2002 10:38:08 -0400 Sender: nfs-admin@lists.sourceforge.net Message-ID: <20020813143423.QHGF221.sccrmhc02.attbi.com@there> References: Reply-To: nl@lippman.org Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Return-path: Received: from sccrmhc02.attbi.com ([204.127.202.62]) by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17eckf-0007Td-00 for ; Tue, 13 Aug 2002 07:34:30 -0700 Received: from there ([12.243.55.158]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020813143423.QHGF221.sccrmhc02.attbi.com@there> for ; Tue, 13 Aug 2002 14:34:23 +0000 To: nfs@lists.sourceforge.net In-Reply-To: Errors-To: nfs-admin@lists.sourceforge.net List-Help: List-Post: List-Subscribe: , List-Id: Discussion of NFS under Linux development, interoperability, and testing. List-Unsubscribe: , List-Archive: I am hoping someone can provide some advice. The situation is that I want to have available on my nfs server a share that is accessible to a group of people connecting from their workstations, but am having trouble doing so. Following what I would have done for a local directory, I created the directory: /shared and set its ownship to root, with group=sharedgroup, and then gave group permissions of rwx. I made sure each user who needs to use the shared directory is in the sharedgroup on the server, and for good measure also did so on each workstation (and yes, the gid's are the same on each machine). Unfortunately, the directory remains inaccessible via nfs with this scheme. I suspect the problem here is that nfs receives from the client the uid and gid that the client process is currently executing under, but does not received the extended group list, and also does not look up that user's extended group list on the server but rather just does permission checking with the single active uid and gid it received from the client, and so cannot access via extended group information. That doesn't strike me as the best way for nfs to operate, although I am am sure there was sound design decision involved (maybe overhead of looking up the groups on each access, which the os does not have locally as that info is already in the process's state information, placed there at login). In any case, it means that I cannot easily export a shared directory in this fashion. So my question is: How do I make an exported folder accessible to a group of users? Thanks. nl ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ NFS maillist - NFS@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs