Sabrina Lautier
2005-Sep-19 15:04 UTC
[Samba] File access rights on a NFS share: please help !
Hello, As I didn't get any answer, I'm posting my question again. Sorry to insist but I'm very embarrassed... I'm having troubles with access rights on files located on a NFS server (Solaris 8). The client machine is a Linux SuSe E9.0 and the samba suite version is samba-3.0.20, directly installed from a Linux package. The users connect to the Linux server without any Pb using their MS Windows account through Winbind+Kerberos. They belong to the right Windows groups but the file/dir access rights only work on local/SAN volumes. Ex: toto@lnxsrv$ id -a uid=16783675(NCEDOM\toto) gid=16777217(NCEDOM\domain users) groups=16777217(NCEDOM\domain users),16777328(NCEDOM\dev-iis) toto@lnxsrv$ cd /nfs_share toto@lnxsrv$ ls -ls 0 drwxrwx--- 2 root NCEDOM\dev-iis 80 2005-09-07 14:16 iis toto@lnxsrv$ cd iis -bash: cd: iis: Permission denied As you can see toto's primary group is NCEDOM\domain users but he also belongs to group NCEDOM\dev-iis. Yet directory iis belongs to group NCEDOM\dev-iis. But this work fine on a local FS. Any idea about how to solve this Pb: compilation option or winbind configuration maybe ? Any help would be greatly appreciated. Rgds, Sabrina
Jeremy Allison
2005-Sep-19 16:10 UTC
[Samba] File access rights on a NFS share: please help !
On Mon, Sep 19, 2005 at 05:03:34PM +0200, Sabrina Lautier wrote:> > Hello, > > As I didn't get any answer, I'm posting my question again. > Sorry to insist but I'm very embarrassed... > > I'm having troubles with access rights on files located on a NFS server > (Solaris 8). > The client machine is a Linux SuSe E9.0 and the samba suite version is > samba-3.0.20, directly installed from a Linux package.Solaris 8 has a limit of 16 groups I believe. If your user is in more than 16 groups the groups over 16 will be silently truncated for NFS access. Any way you can move to an NFS server that supports more groups ? Jeremy.
Tom Schaefer
2005-Sep-26 01:46 UTC
[Samba] Re: File access rights on a NFS share: please help !
On Mon, 19 Sep 2005 17:03:34 +0200 Sabrina Lautier <slautier@amadeus.com> wrote:> Ex: > toto@lnxsrv$ id -a > uid=16783675(NCEDOM\toto) gid=16777217(NCEDOM\domain users) > groups=16777217(NCEDOM\domain users),16777328(NCEDOM\dev-iis) > > toto@lnxsrv$ cd /nfs_share > toto@lnxsrv$ ls -ls > 0 drwxrwx--- 2 root NCEDOM\dev-iis 80 2005-09-07 14:16 iis > toto@lnxsrv$ cd iis > -bash: cd: iis: Permission denied > > As you can see toto's primary group is NCEDOM\domain users but he also > belongs to group NCEDOM\dev-iis. > Yet directory iis belongs to group NCEDOM\dev-iis. > But this work fine on a local FS. >Well possibly the problem is what Jeremy said. Something I'd look at though is the actual gid of the iis directory by simply using ls -n and verify for sure that the gid of the iis directory is 16777328. Possibly you have two gids both named NCEDOM\dev-iis and it isn't gid 16777328 that the iis directory belongs to. Tom Schaefer