[Bug 1454112] Re: Group permissions not respected with "--manage-gids" enabled
Emile Snyder
1454112 at bugs.launchpad.net
Fri May 27 19:48:43 UTC 2016
I suspect that this may be working as designed, and the problem is a
misunderstanding of what --manage-gids is supposed to do?
I brought up 2 VMs, server & client. On each, I have a user 'emsnyder'
(ldap managed) and 'stack' (not ldap), and a group 'disk.' All the uids
and gids match for these users and groups.

emsnyder@server> sudo chown emsnyder:disk /srv/somedisk
emsnyder@server> sudo chmod 775 /srv/somedisk
emsnyder@server> id
uid=110259082(emsnyder) gid=65534(nogroup) groups=65534(nogroup)
emsnyder@server> sudo /etc/init.d/nfs-kernel-server start
emsnyder@client> id
uid=110259082(emsnyder) gid=65534(nogroup) groups=65534(nogroup),6(disk)
emsnyder@client> sudo mount -t nfs server:/srv/somedisk /mnt
emsnyder@client> ls -ld /mnt
drwxrwxr-x 4 emsnyder disk 4096 May 27 12:08 /mnt
emsnyder@client> date > /mnt/f
emsnyder@client> ls -l /mnt
total 20
-rw-r--r-- 1 emsnyder nogroup 31 May 27 12:40 f
drwx------ 2 root root 16384 May 27 11:13 lost+found
emsnyder@client> chown emsnyder:disk /mnt/f
chown: changing ownership of ‘/mnt/f’: Operation not permitted

But if I then

emsnyder@server> sudo adduser emsnyder disk
emsnyder@server> sudo exportfs -r
emsnyder@client> chown emsnyder:disk /mnt/f
emsnyder@client> ls -l /mnt
total 20
-rw-r--r-- 1 emsnyder disk 31 May 27 12:40 f
drwx------ 2 root root 16384 May 27 11:13 lost+found

The --manage-gids option (confusingly named, IMHO) means that the server side
ignores the group membership information from the client, and looks just
at what groups the user has on the server side. Since emsnyder started
out without the 'disk' group membership on the server, the chown is
denied. Once I added emsnyder to the disk group on the server side, the
operation succeeds.
Also, the --manage-gids option is a configuration for the
/usr/sbin/rpc.mountd program, which is part of the nfs-kernel-server
package, not nfs-utils.
https://bugs.launchpad.net/bugs/1454112
Title:
Group permissions not respected with "--manage-gids" enabled
Status in nfs-utils package in Ubuntu:
Confirmed
Bug description:
user@cloudVM:/mnt/extraFiles/chroot/home$ ls -l
total 20
drwxrws--- 6 storageUsers storageUsers 4096 maj 12 08:14 actualCommonFiles
drwxr-xr-x 2 root root 4096 maj 12 07:32 commonFilesR
drwxrwxr-x 8 user user 4096 maj 12 08:14 user
drwxrwxr-x 2 user user 4096 maj 9 16:52 guest
drwxr-xr-x 3 storageUsers storageUsers 4096 maj 12 08:50 test
user@cloudVM:/mnt/extraFiles/chroot/home$ groups
user storageUsers commonFilesRW
---With "--manage-gids" enabled in /etc/default/nfs-kernel-server (default for Ubuntu 14.04):
user@cloudVM:/mnt/extraFiles/chroot/home$ cd actualCommonFiles/
bash: cd: actualCommonFiles/: Permission denied
---Without "--manage-gids":
user@cloudVM:/mnt/extraFiles/chroot/home$ cd actualCommonFiles/
user@cloudVM:/mnt/extraFiles/chroot/home/actualCommonFiles$
========
- Expected:
"user" is member of "storageUsers" and should have Read, Write, and
List rights for "actualCommonFiles". "cd" should be successful.
- Happened:
"user" was denied access to the "storageUsers" directory.
=======
- This bug was filed a long time ago
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/409366 but was
closed.
- NFS Server:
Release:
Ubuntu 14.04.2 LTS
nfs-kernel-server version:
Installed: 1:1.2.8-6ubuntu1
- NFS Client:
Release:
Debian 8
nfs-common:
Installed: 1:1.2.8-9
//Please excuse any mistakes, this is my first bug report, Thank You.
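
The behaviour described in the comment at the top of this message, as an added example (a simplified model written for this page, not code from nfs-utils or from the bug thread). All function and variable names are hypothetical. It assumes the primary gid is still taken from the client's request and only the supplementary list is replaced by a server-side lookup, and it uses the 'disk' group as a stand-in for the group of the drwxrws--- directory in the bug description, whose server-side membership the report does not show.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ClientCred:
    """Identity the NFS client sends with a request (AUTH_SYS style)."""
    uid: int
    gid: int            # primary gid
    groups: frozenset   # supplementary gids as seen on the client

def effective_gids(cred, server_db, manage_gids):
    """Gids the server checks against: with manage_gids the client's
    supplementary list is discarded and looked up by uid on the server."""
    aux = server_db.get(cred.uid, frozenset()) if manage_gids else cred.groups
    return frozenset(aux) | {cred.gid}

def may_chgrp(cred, gids, file_uid, new_gid):
    """An unprivileged owner may only chgrp a file to a group they belong to."""
    return cred.uid == file_uid and new_gid in gids

def may_access(cred, gids, st_uid, st_gid, mode, want):
    """POSIX mode check; want is a bit mask (4=read, 2=write, 1=search)."""
    if cred.uid == st_uid:
        bits = mode >> 6
    elif st_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & want) == want

# Constructed data mirroring the session in the comment above.
UID, NOGROUP, DISK = 110259082, 65534, 6
CRED = ClientCred(UID, NOGROUP, frozenset({NOGROUP, DISK}))
SERVER_BEFORE = {UID: frozenset({NOGROUP})}       # before "adduser emsnyder disk"
SERVER_AFTER = {UID: frozenset({NOGROUP, DISK})}  # after adduser + exportfs -r

def chgrp_to_disk(server_db, manage_gids):
    """chown emsnyder:disk on a file the user owns."""
    return may_chgrp(CRED, effective_gids(CRED, server_db, manage_gids), UID, DISK)

def cd_group_dir(server_db, manage_gids, mode=0o2770):
    """cd into a drwxrws--- directory owned by another uid with group DISK."""
    gids = effective_gids(CRED, server_db, manage_gids)
    return may_access(CRED, gids, st_uid=0, st_gid=DISK, mode=mode, want=1)

if __name__ == "__main__":
    for label, db in (("before adduser", SERVER_BEFORE), ("after adduser", SERVER_AFTER)):
        for flag in (True, False):
            print(f"{label:15} manage_gids={flag!s:5} "
                  f"chgrp={chgrp_to_disk(db, flag)} cd={cd_group_dir(db, flag)}")
```

When access is denied only with --manage-gids enabled, comparing the output of `id <user>` on the server with the same command on the client shows which memberships the server is missing.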