On 07/25/2015 02:01 PM, Ed Greshko wrote: > On 07/26/15 03:41, Emmett Culley wrote: >> I just noticed that when accessing an NFS mount, the group is ignored. >> >> For example, on the server that shares the files via NFS that lists from the >> NFS client as: >> >> $ ls -l/nfs/web >> -rw-rw-r-- 1 root web_prog 491 Oct 16 2012 parse.php >> >> $ mount >> web:/ on /lvh1/web type nfs4 >> (rw,noatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.6.12,local_lock=none,addr=192.168.6.232) >> >> >> A user on the client machine that is a member of group web_prog cannot write >> the file (parse.php). If the user is changed from root to the client user's >> UID via chown on the server, the user on the client machine can then write >> the file. >> >> The server is on CentOS 7 and the client is on Fedora 21. If I do the same >> test from a CentOS 7 or CentOS 6 machine client, it works as expected. That >> is, the group permissions are honoured by the NFS client on those non-Fedora >> machines. >> >> So, I figure there is something wrong with my Fedora NFS configuration. >> Nothing shows up that is related to this issue when searching the Internet. >> >> What I have tried: >> >> Insure that Domain in /etc/idmapd.conf is the same on both client and >> server. Though the fact that the user ID is honoured would indicate that is >> correct. >> >> Insured that the numerical user ID and group ID match on both client and >> server, even though until now I always assumed that idmapd did not require >> the numerical IDs to match with NFS4 >> >> Any help would be appreciated. > What is the output of "ls -l /nfs/we" after you have performed the mount? > > Remember, the UID/GID are held in the file system itself. Before you mount, > it will be the UID/GID of the mount point and after you mount it will be the > UID/GID held by the newly mounted file system. > > The results of ls -l on a file in the NFS share is provided above (from the client machine).
The results of ls -ld (from the client machine) is: drwxrwsr-x 12 root web_prog 4096 Jul 25 13:28 /nsf/web My fedora user is definitely a member of the web_prog group and both the client and the server have the same numeric GID for that group. I don't know if this is something new as I recently moved some files to a new server (CentOS 6 to CentOS 7), and previous to the move my Fedora user owned those files on the old server. And I only just now discovered this issue. I also reinstalled Fedora 21 from scratch after attempting to try Fedora 22, and finding Fedora 22 not ready for prime time. Which further makes me suspect a configuration issue. BTW, am I wrong that idmapd should not require synchronized UIDs and GIDs between client and server, at least for NFS4? Emmett -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
