[Bug 829312] Re: NFS group mapping faulty

Christopher Hirschmann 829312 at bugs.launchpad.net
Mon Aug 29 11:54:20 UTC 2011 

You were right, the problem does not exist with users who are in less
than 17 groups; I double-checked it with a completely new user account.

Thank you very much for your help.

So this is not a bug after all, but a design limitation. Maybe this
should be mentioned in a manpage. I've been using NFS for years and
never encountered this limitation before.

I don't know wether I will be setting up GSSAPI, since that is to my
knowledge dependent on Kerberos and I have never heard anything but
complaints about that from anyone. I'll probably just try to get rid of
some of those groups.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/829312

Title:
  NFS group mapping faulty

Status in “nfs-utils” package in Ubuntu:
  New

Bug description:
  I have the following setup:

  1 server running latest CentOS 5, exporting filesystems via NFSv4:
  /etc/exports:

  /exports 172.16.1.0/24(ro,insecure,sync,wdelay,no_subtree_check,crossmnt,all_squash,fsid=0)
  ...
  /exports/video \
          phosphorus.lair(rw,insecure,sync,wdelay,subtree_check,root_squash,mp=/exports/video,fsid=2) \
          salamander.lair(rw,insecure,sync,wdelay,subtree_check,root_squash,mp=/exports/video,fsid=12)
  ...

  1 client running latest Fedora 14, mounting filesystem via autofs
  1 client running latest Ubuntu 11.04, mounting filesystem via autofs

  On all three machines there are two users named scizzo (UID = 1023)
  and mahajivana (UID = 1042), who are both members of the group
  madhouse (GID = 4223). So since this is NFSv4 _and_ UIDs and GIDs are
  consistent on all machines, ID mapping should be a very easy task and
  NFS should work even without ID mapping.

  idmapd.conf on all three machines contains the same domain "Domain =
  lair".

  On the nfs mounts are files and folders owned by one of these users,
  but always owned by their shared group, which are (read- &) writeable
  by that group, one example:

  drwsrwsr-x 19 mahajivana   madhouse 4.0K Aug 15 17:38 video/

  Observed behaviour:

  The F14 client can access the NFS shares and each user is able to
  access (read & write) areas on the NFS shares that are writeable for
  their shared group, but not for the users themself.

  The U11.04 client can access the NFS shares, but they are limited to
  files and folders they own, any rights (read + write) they should gain
  through group membership are ineffective.

  I'll attach two files named nfs-success.txt and nfs-fail.txt; nfs-
  success.txt shows example commands that I ran on the the F14 client as
  well as corresponding logging information from the client and the
  server, nfs-fail.txt show the same example commands on the U11.04
  client and corresponding logs from the client and server. I hope this
  helps, if not tell me which verbosity to increase and which commands
  to run.

  Expected behaviour:

  The U11.04 client should behave like the F14 client.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: nfs-kernel-server (not installed)
  ProcVersionSignature: Ubuntu 2.6.38-10.46-generic 2.6.38.7
  Uname: Linux 2.6.38-10-generic x86_64
  Architecture: amd64
  Date: Fri Aug 19 11:38:52 2011
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: nfs-utils
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/829312/+subscriptions

More information about the foundations-bugs mailing list