

Issues with LDAP user/group permissions on NFS share

# 1  
Old 07-16-2009

I can't seem to make sense of this.

[sshaun@upilampdev ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga)
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$ mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
upi-nasc:/vol/upilampdev/html on /var/www/html type nfs (rw,addr=192.168.43.9)
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$ ls -ld /var/www/html/test-dir
drwxrwxr-x 2 apache web-developers 4096 Jul 16 2009 /var/www/html/test-dir
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$ ls -ld /tmp/test-dir
drwxrwxr-x 2 apache web-developers 4096 Jul 16 16:07 /tmp/test-dir
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$ id
uid=1010(sshaun) gid=2016(sshaun) groups=48(apache),1018(prod-ultradent),1022(prod-upijapan),1024(stage-distributornews),1032(stage-ultradent),1036(stage-upijapan),1052(stage-upiitaly),1066(stage-upibrazil),1067(stage-upispanish),1080(stage-upicroatia),1081(prod-upispanish),1084(prod-sfd),1085(stg-valo),1089(prod-scripts),1091(stg-upifrench),1092(stg-upidutch),1094(web-developers),1095(stg-upirussian),2016(sshaun)
[sshaun@upilampdev ~]$ getent group web-developers
web-developers:x:1094:aangela,wjonathan,sshaun
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$ touch /tmp/test-dir/file
[sshaun@upilampdev ~]$
[sshaun@upilampdev ~]$ touch /var/www/html/test-dir/file
touch: cannot touch `/var/www/html/test-dir/file': Permission denied

What might be causing this? That NFS share is being mounted from a netapp and I don't believe it's being exported on there with any special options.

edit: and to make things even more weird this is only happening to 1 of the 4 users in the web-developers group

Thanks,
Dan
# 2  
Old 07-16-2009
If this is being mounted using NFS V3 then NFS V3 will only honour the first 16 groups the user is a member of, the user sshaun has the web-developers group as their 18th group by my count.
# 3  
Old 07-16-2009
Quote:
Originally Posted by TonyFullerMalv
If this is being mounted using NFS V3 then NFS V3 will only honour the first 16 groups the user is a member of, the user sshaun has the web-developers group as their 18th group by my count.
That might explain why it's randomly happening for this user as well as other users. I don't think LDAP keeps the groups in the same order every time. I did mount this with the -t NFS4 option and it didn't seem to fix the problem. I'll look into removing some of the groups from that user.
# 4  
Old 07-16-2009
On the LDAP systems I have seen, the groups are listed in the order the user was added to them, so you could try removing the user from all the secondary groups, adding the user back into the web-developers group first and then adding them back into the other groups?
# 5  
Old 07-16-2009
Removing him from several groups fixed the issue.

Should this be fixed in NFS_V4? I mounted this same Netapp share with mount.nfs4 and it didn't seem to make a difference. Does the netapp have to be NFS4 aware?
# 6  
Old 07-20-2009
NFS V4 will overcome the limit of 16 groups. The NetApp filer either needs to use the LDAP system or else replicate the users and groups in local files if it is not already so it "knows" who the users are and what groups they are in.
# 7  
Old 08-06-2009
You can add --manage-group-gids to the server. It'll fix this problem. If you're not having the same problem as me (I can't find a solution to it).

Cut down the groups until you've only got 3-4 and then test... If it's the same, then we're in the same boat.
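
Added example, not part of the thread: a shell check for the situation post #2 describes, reporting where a group sits in a user's `id` output and whether it falls past the first 16 entries. The function names are hypothetical, the sample line is the `id` output from post #1, and the check assumes group names contain no spaces and that the order `id` prints is the order the NFS client sends.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: the order printed by `id` is the order the NFS client sends,
# and only the first 16 entries are honoured (the limit named in post #2).

AUTH_SYS_MAX=16

# The `id` output shown in post #1, used as sample input.
SAMPLE_ID='uid=1010(sshaun) gid=2016(sshaun) groups=48(apache),1018(prod-ultradent),1022(prod-upijapan),1024(stage-distributornews),1032(stage-ultradent),1036(stage-upijapan),1052(stage-upiitaly),1066(stage-upibrazil),1067(stage-upispanish),1080(stage-upicroatia),1081(prod-upispanish),1084(prod-sfd),1085(stg-valo),1089(prod-scripts),1091(stg-upifrench),1092(stg-upidutch),1094(web-developers),1095(stg-upirussian),2016(sshaun)'

# group_position "<id output>" <group-name>
# Prints the 1-based position of the group in the groups= list, 0 if absent.
group_position() {
    printf '%s\n' "$1" |
    sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
    tr ',' '\n' |
    awk -v want="$2" '
        { name = $0; sub(/^[0-9]+\(/, "", name); sub(/\)$/, "", name) }
        name == want { print NR; found = 1; exit }
        END { if (!found) print 0 }'
}

# check_group "<id output>" <group-name>
# Returns 0 if the group is within the first 16 entries, 1 if it is past
# them, 2 if the user is not in the group at all.
check_group() {
    pos=$(group_position "$1" "$2")
    if [ "$pos" -eq 0 ]; then
        echo "$2: not in the group list"
        return 2
    elif [ "$pos" -gt "$AUTH_SYS_MAX" ]; then
        echo "$2: position $pos, past the first $AUTH_SYS_MAX groups"
        return 1
    fi
    echo "$2: position $pos, within the first $AUTH_SYS_MAX groups"
    return 0
}

# Check the group that owns the directory in post #1 against the sample line.
check_group "$SAMPLE_ID" web-developers || true
```

To check a live account, pass `"$(id username)"` as the first argument instead of the sample line.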
