From: Alex Samad on 26 Jun 2008 09:20

I have just finished putting together an NFS server, and I am getting some strange results whilst testing it.

I have a partition with a directory video with permissions set to

chown video.movies

user alesx is a member of movies.

On the NAS box I can cd to the directory and create files.

On a remote machine where this directory is mounted via NFS, when I enter the directory and try to create a file I get permission denied.

On the client machine the userids and the groups are set up the same!

alex

--
"There's no such thing as legacies. At least, there is a legacy, but I'll never see it."
- George W. Bush
01/31/2001
speaking to Catholic leaders at the White House
From: Alex Samad on 26 Jun 2008 18:00

On Thu, Jun 26, 2008 at 11:10:34PM +1000, Alex Samad wrote:
> I have just finished putting together a nfs server. and I am getting
> some strange results whilst testing it.
>
> I have a partition with a directory video with permissions set to
>
> chown video.movies
> user alesx is a member of movies.
>
> on the nas box I can cd to the directory and create files.
>
> on a remote machine with this directory is mounted via nfs, when I
> enter into the directory and try and create a file I get permission
> denied.
>
> on the client machine the userids and the groups are setup the same !
>
> alex

Just to add some more information to this (I typed this up late last night):

I have 3 servers and 1 laptop. I am using ldap for my userid / password info. I am using libnss-ldapd (fork of libnss-ldap).

I have a user alex who is a member of group movies.

On the nas server I have a directory /exports/video/tmp

drwxrwsr-x 2 video movies 20 2008-06-27 07:23 tmp

If I go to this directory and try touch HEREIAM, a file is created.

Now when I go to machine multimedia, which has nas:/exports/video mounted as /exports/video, and I try the same thing, it works.

When I go to my laptop, which has the same mounts, and try the same thing, I get permission denied. And I get the same error when I try it from the other server hufpuf.

I did a tcpdump on the nas box, watching everything except for port 22, and ran the same tests on all the machines; an NFS ok reply is sent back after the create request!

I ran another test on the machines that gave me access denied: I went to a local partition, created a directory with the same permissions as /exports/video/tmp and tried to create a file in the same manner - it worked on all the servers.

I have also looked at the mount command options (fstab) and they are the same.

I have tried rebooting the machines.
I don't have selinux turned on.
I have looked at package versions of
libc
libnss-ldapd
mount
linux-image

I have tried stracing this command "touch d", but all I can see is an open request and a fail or ok on the respective servers.

I am at a bit of a loss where to look now :(

help!

alex

--
"The trial lawyers are very politically powerful. ... But here in Texas we took them on and got some good medical -- medical malpractice."
- George W. Bush
08/13/2002
Waco, TX
From: Daniel Dalton on 26 Jun 2008 18:20

Does your /etc/exports file on the server say the client can write?
eg.
/home/daniel 192.168.1.14(rw)

--
Daniel Dalton

http://members.iinet.net.au/~ddalton/
<d.dalton(a)iinet.net.au>

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: Alex Samad on 26 Jun 2008 20:20

On Fri, Jun 27, 2008 at 08:13:09AM +1000, Daniel Dalton wrote:
> Does your /etc/exports file on the server say the client can write?
> eg.
> /home/daniel 192.168.1.14(rw)

yep

/exports/video 192.168.8.0/22(no_root_squash,secure,sync,rw,subtree_check,mp=/exports/video,crossmnt)

--
"We spent a lot of time talking about Africa, as we should. Africa is a nation that suffers from incredible disease."
- George W. Bush
06/14/2001
Gothenburg, Sweden
at a news conference in Europe
From: Alex Samad on 16 Jul 2008 09:40

On Fri, Jun 27, 2008 at 10:16:34AM +1000, Alex Samad wrote:
> On Fri, Jun 27, 2008 at 08:13:09AM +1000, Daniel Dalton wrote:
> > Does your /etc/exports file on the server say the client can write?
> > eg.
> > /home/daniel 192.168.1.14(rw)
> yep
>
> /exports/video
> 192.168.8.0/22(no_root_squash,secure,sync,rw,subtree_check,mp=/exports/video,crossmnt)

[snip]

Found the problem: too many groups and a limit in the nfs protocol to 16 groups. There is a workaround

RPCMOUNTDOPTS="--manage-gids"

in nfs-kernel-server

--
"It is time to set aside the old partisan bickering and finger-pointing and name-calling that comes from freeing parents to make different choices for their children."
- George W. Bush
04/12/2001
on parental empowerment in education
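
The 16-group limit named in the last message can be checked from a client before touching the server. The script below is an added example, not part of the original thread: it tests whether the gid that owns a directory would still be present in an AUTH_SYS credential. The function names and the sample gid list are hypothetical, and it assumes the client keeps the first 16 supplementary gids in the order `id -G` prints them.

```shell
#!/bin/sh
# Added example, not from the thread. AUTH_SYS (AUTH_UNIX) RPC credentials
# carry one primary gid plus at most 16 supplementary gids.
AUTH_SYS_MAX_GIDS=16

# gid_survives_auth_sys TARGET_GID GID...
#   GID... is the output of `id -G USER`: primary gid first, then the
#   supplementary gids. ASSUMPTION: the client keeps the first 16
#   supplementary gids in that order and drops the rest.
# Returns 0 if TARGET_GID reaches the server, 1 if it is cut off,
# 2 if the user is not in that group at all (or no gid list was given).
gid_survives_auth_sys() {
    [ $# -ge 2 ] || return 2
    target=$1; shift
    primary=$1; shift
    [ "$target" = "$primary" ] && return 0
    n=0
    for g in "$@"; do
        n=$((n + 1))
        if [ "$g" = "$target" ]; then
            [ "$n" -le "$AUTH_SYS_MAX_GIDS" ] && return 0
            return 1
        fi
    done
    return 2
}

# check_user_dir USER DIR: same check with live values from this host
# (GNU stat; run it on the NFS client, against the mounted directory).
check_user_dir() {
    dir_gid=$(stat -c %g "$2") || return 3
    # word splitting of the id output is intended
    gid_survives_auth_sys "$dir_gid" $(id -G "$1")
}

# Constructed sample: primary gid 1000, then 18 supplementary gids.
# 115 is the 16th supplementary gid, 2001 the 17th.
SAMPLE="1000 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 2001 2002"

for t in 1000 115 2001; do
    if gid_survives_auth_sys "$t" $SAMPLE; then
        echo "gid $t: sent to server"
    else
        echo "gid $t: not in the credential, server denies group access"
    fi
done
```

With `--manage-gids` set, rpc.mountd has the server look up the user's groups itself instead of using the list sent by the client, so the truncation stops mattering as long as the server resolves the same group memberships.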