[Bug 62038] New: NFS servers doesn't allow access for some tool maintainers to their tool directories

Thu, 27 Feb 2014 22:28:22 -0800 

https://bugzilla.wikimedia.org/show_bug.cgi?id=62038

            Bug ID: 62038
           Summary: NFS servers doesn't allow access for some tool
                    maintainers to their tool directories
           Product: Wikimedia Labs
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: Unprioritized
         Component: tools
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected]
       Web browser: ---
   Mobile Platform: ---

For users fsainsbu and tahir, the NFS server only recognize that they are
entitled to write in the directories of their tools when they use newgrp to set
the tool group as their primary group:

| scfc@tools-login:~$ sudo sudo -iu fsainsbu

| Did you know that there is a shared storage for everyone at /shared

| fsainsbu@tools-login:~$ touch /data/project/tasmania/test
| touch: cannot touch `/data/project/tasmania/test': Permission denied
| fsainsbu@tools-login:~$ newgrp local-tasmania
| fsainsbu@tools-login:~$ touch /data/project/tasmania/test
| fsainsbu@tools-login:~$

Permissions are correct:

| scfc@tools-login:~$ getent group local-tasmania
| local-tasmania:*:51744:fsainsbu
| scfc@tools-login:~$ ls -dl /data/project/tasmania
| drwxrwsr-x 4 local-tasmania local-tasmania 90 Feb 28 06:02
/data/project/tasmania
| scfc@tools-login:~$

Non-NFS works:

| fsainsbu@tools-login:~$ # Without newgrp.
| fsainsbu@tools-login:~$ ls -dl /tmp/tasmania-test /data/project/tasmania
| drwxrwsr-x 4 local-tasmania local-tasmania 90 Feb 28 06:02
/data/project/tasmania
| drwxrwsr-x 1 local-tasmania local-tasmania  0 Feb 28 06:20 /tmp/tasmania-test
| fsainsbu@tools-login:~$ touch /tmp/tasmania-test/test
| fsainsbu@tools-login:~$

It works also at least for me (scfc) writing to ~local-wikilint.

Googling suggests that the most common cause for secondary groups being ignored
seems to be that NFS limits them to 16 and the solution is to add
"--manage-gids" to the server, but:

| fsainsbu@tools-login:~$ groups 
| wikidev project-bastion project-tools local-tasmania
| fsainsbu@tools-login:~$

Coren, what's the setting of the NFS server at the moment?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to