NFS group permissions won't work

[weird wonko]

I cannot access files on a share from a remote machine, unless the permissions are set to allow reading/writing for every user.

My setup: weird is the local machine, zone the server. The exported mpeg directory is owned by user p2p and group p2p, the GID and UID are the same on the client.
Here are the relevant parts of the config files.

/etc/exports on zone:

[BlinkEye]

i don't get write permission neither, only with root if no_root_sqash is enabled which i don't want. any ideas?

[EDIT]solved for me -> kernel upgrade from 2.6.8-mm2 to 2.6.10-mm2[/EDIT]
[EDIT2]and changing the UIDs so they were the same on both computers[/EDIT2]
_________________
Easily backup up your system? klick
Get rid of SSH Brute Force Attempts / Script Kiddies klick

[weird wonko]

It's still not working. I'm at gentoo-dev-sources-2.6.10-r6 now.
The UIDs are identical on both systems.

[Chris W]

Since you are attempting to access the remote share as root you probably want to look at the User ID Mapping section in the exports(5) man page. By default, the root UID is mapped to an anonymous user.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein

[weird wonko]

No, I am not root. Just a user being in the p2p group, but having no access despite of group access rights being set on the share.

[weird wonko]

This is becoming really annoying, so I did some more tests. There are really weird things going on here.

The problem hapens on one of my machines only, and only with my user. But I could reproduce the problem after adding a test user and giving it all of my groups. I then removed the groups, one after another, and suddenly it was working again.

Same goes for me. After removing some probably not so necessary groups like cdrecord, dialout and video, I could access a remote directory where I had only matching group permissions.

I am in 22 groups now. When I add any other group to my groups, access is denied again.

Strange, huh?

[thecooptoo]

is this the same problem as I ( and others ) are having
https://forums.gentoo.org/viewtopic-t-370765-highlight-.html
_________________
join the optout - http://nhsconfidentiality.org

[weird wonko]

I don't think so. Mounting is okay, it's a permission only.

[Chris W]

Check that UIDs align between client and server for the user(s) concerned:

[weird wonko]

The UIDs are the same.

[Chris W]

My bad...been down the UID path before.

How are you mounting the export on the client? Are you using /etc/init.d/netmount, nfsmount, or manually? Are portmap and rpc.statd running on the client? Are there any associated error messages in dmesg or /var/log/messages on client or server?
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein

[weird wonko]

Oh, sorry for not responding, I overlooked your answer.

My setup is currently working, somehow. I had to remove some groups from my account, which was quite annoying, as I had to switch from time to time: Without being in games, all was fine, but then I wanted to play, so I re-added myselt to this group, and removed lp, until I needed to print, and so on. I don't remember which group I removed at last, but I don't seem to need it often, because I had no problems for a while

But I think I just found the answer: It looks like NFS does work only with up to 16 groups. I just read this in article <2005Dec22.180925@mips.complang.tuwien.ac.at> on alt.os.linux.gentoo. Googling for "NFS 16 groups" seems to confirm this. Oh my. Sometimes NFS really sucks in my opinion, I would never have thougt about such a problem.

Here is my current list of groups:

users: my primary group
lp: yes I want to print
wheel: I want to su
cron: I need cron jobs
audio: yes, I want this
cdrom: probably needed to access CD-ROMs
dialout: needed for my ISDN setup
video: I don''t remember what that was for, but I think I ran into a problem when I temporarily disabled that
games: sure!
slocate: also a must-have
p2p: that's where all the trouble started
vmware: I guess this has a purpose
portage: I could do it as root only, but I'd like to use portage as a regular user, too

13 groups until here. This is getting close.

cdrecording: I don't know, but I guess I need this
xcdwrite: Wasn't this only for xcdroast? Then I can get rid of it.
stats: Probably not necessary.

And some more groups that I created:

mp3: I do not like to have everyone access my MP3s
atv: My company's stuff, must not be available to others
wonko: another group only for me, I could remove that
ecat: another group having to do with my company, also not really important, but nice to have

So I can get below the 16-group-limit if necessary, but it's not very convenient. Well, I'll see if I get into trouble again, and until that I will keep the setup as it is. But I guess I now know what to do just in case.

[Kentar]

Hi

I've had the same problem, but i discovered something helpful:

If you've got more than 16 groups, NFS cuts off everyhting behind the 16th group. Change your necessary group ID (the one, which is needed by nfs to have write-permissions) so it is inside this Limit.
With it, it is possible to be in more than 16 Groups and have group-permissons with nfs. At Least it works for me.

[Kaboosh]

[RAPHEAD]

Hi,

for all that experience similar problems with NFSv4 like described in this thread, I found a solution:

If you can't get your UID / GID stuff being properly resolved on the client side (using netmount),
you probably need to start the nfs services -- that was at least the problem with my setup.
So do:

cd /etc/init.d
./nfs start

and try to mount again using

./netmount restart

@chrisw

you made me thinking about whether nfs is actually running or not -- thx