Gentoo Forums
[SOLVED] NFSv4: gids not respected.
roarinelk
Guru
Joined: 04 Mar 2004
Posts: 520

Posted: Mon Dec 04, 2017 12:15 pm    Post subject: [SOLVED] NFSv4: gids not respected.

I'm trying to access a directory on an NFS4-mount, which has RWX access granted only to a certain gid:

d---rwx--- 4 root backup 4096 Jan 1 00:01 restricted

The exporting and mounting machines use identical user names AND uids/gids, but I cannot access
the directory "restricted" on the machine mounting the share.

I can read/write/create/delete files on the share that belong to my login user, but cannot,
for example, change their group. Of course the login user is a member of group "backup"
on both the exporting and mounting machine.

Am I missing a special configuration option somewhere? (nfs-utils-2.2.2)

Thanks!


Last edited by roarinelk on Tue Dec 05, 2017 12:16 pm; edited 1 time in total
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

Posted: Mon Dec 04, 2017 12:42 pm    Post subject:

If it's not something obvious, it could be the NFS 16 group id limit.

Look at the output of "id". If 16 or more groups are shown before "backup", you have passed over that limit. A solution could be to set
Code:
OPTS_RPC_MOUNTD="--manage-gids"

in /etc/conf.d/nfs on your NFS server. But make sure to understand what that means. Be aware of the security implications.
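
The check described in the post above, written out as a script. This is an added example, not part of the original thread: the 16-group threshold and the reliance on the order of `id` output come from the post, while the function names and the sample group list are constructed for illustration.

```sh
#!/bin/sh
# Rule of thumb from the post above: if 16 or more groups are listed before
# the wanted one in `id` output, the NFS server never sees it.
NFS_GID_LIMIT=16

# groups_before GROUP "LIST": print how many entries precede GROUP in the
# space-separated LIST (the format of `id -Gn`), or -1 if GROUP is absent.
groups_before() {
    _target=$1
    _n=0
    for _g in $2; do
        if [ "$_g" = "$_target" ]; then
            echo "$_n"
            return 0
        fi
        _n=$((_n + 1))
    done
    echo -1
}

# nfs_group_status GROUP "LIST": print one of
#   not-member  GROUP does not appear in LIST
#   sent        fewer than 16 groups precede it
#   dropped     16 or more groups precede it
nfs_group_status() {
    _before=$(groups_before "$1" "$2")
    if [ "$_before" -lt 0 ]; then
        echo "not-member"
    elif [ "$_before" -ge "$NFS_GID_LIMIT" ]; then
        echo "dropped"
    else
        echo "sent"
    fi
}

# Constructed sample: a user in 18 groups with "backup" listed last.
SAMPLE_GROUPS="users wheel audio cdrom video games usb portage cron lp uucp dialout tape floppy disk kvm plugdev backup"

echo "sample user:  backup is $(nfs_group_status backup "$SAMPLE_GROUPS")"
# On a real NFS client, run the same check against the logged-in user.
echo "current user: backup is $(nfs_group_status backup "$(id -Gn)")"
```

A "dropped" result is the case `--manage-gids` addresses: with that option rpc.mountd replaces the group list received from the client with one looked up on the server, so group membership as the server sees it is what decides access.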
krinn
Watchman
Joined: 02 May 2003
Posts: 7470

Posted: Mon Dec 04, 2017 2:26 pm    Post subject: Re: NFSv4: gids not respected.

Do you use all_squash?
roarinelk
Guru
Joined: 04 Mar 2004
Posts: 520

Posted: Tue Dec 05, 2017 12:14 pm    Post subject:

mike155 wrote:
If it's not something obvious, it could be the NFS 16 group id limit.

Look at the output of "id". If 16 or more groups are shown before "backup", you have passed over that limit. A solution could be to set
Code:
OPTS_RPC_MOUNTD="--manage-gids"

in /etc/conf.d/nfs on your NFS server. But make sure to understand what that means. Be aware of the security implications.


You've hit the nail on the head, your suggestion works fine, thank you!
What are the security implications? Right now both server and clients have
identical uids/gids, using -g on the mountd actually does what the client
tries to do while running into the 16 gid limit. It's a shame that I can't
filter e.g. gids<1000 in the client's mount request, which would also "solve" this.

Thanks again! Grüsse aus Hofheim