Last modified: 2014-08-28 14:32:12 UTC
For users fsainsbu and tahir, the NFS server only recognize that they are entitled to write in the directories of their tools when they use newgrp to set the tool group as their primary group: | scfc@tools-login:~$ sudo sudo -iu fsainsbu | Did you know that there is a shared storage for everyone at /shared | fsainsbu@tools-login:~$ touch /data/project/tasmania/test | touch: cannot touch `/data/project/tasmania/test': Permission denied | fsainsbu@tools-login:~$ newgrp local-tasmania | fsainsbu@tools-login:~$ touch /data/project/tasmania/test | fsainsbu@tools-login:~$ Permissions are correct: | scfc@tools-login:~$ getent group local-tasmania | local-tasmania:*:51744:fsainsbu | scfc@tools-login:~$ ls -dl /data/project/tasmania | drwxrwsr-x 4 local-tasmania local-tasmania 90 Feb 28 06:02 /data/project/tasmania | scfc@tools-login:~$ Non-NFS works: | fsainsbu@tools-login:~$ # Without newgrp. | fsainsbu@tools-login:~$ ls -dl /tmp/tasmania-test /data/project/tasmania | drwxrwsr-x 4 local-tasmania local-tasmania 90 Feb 28 06:02 /data/project/tasmania | drwxrwsr-x 1 local-tasmania local-tasmania 0 Feb 28 06:20 /tmp/tasmania-test | fsainsbu@tools-login:~$ touch /tmp/tasmania-test/test | fsainsbu@tools-login:~$ It works also at least for me (scfc) writing to ~local-wikilint. Googling suggests that the most common cause for secondary groups being ignored seems to be that NFS limits them to 16 and the solution is to add "--manage-gids" to the server, but: | fsainsbu@tools-login:~$ groups | wikidev project-bastion project-tools local-tasmania | fsainsbu@tools-login:~$ Coren, what's the setting of the NFS server at the moment?
We do use manage-gids and LDAP as the user backend; so that is was the issue. That said, I've tested the failing statements and they work at this time; it may have been solved by the move to eqiad.