On Thu, 2007-03-22 at 15:14 +0200, Juha Jäykkä wrote: > Hi! > > I'm having trouble with NFSv4 mounts on etch. There are two (possibly > related) problems. The first one is simple: the mount becomes > inaccessible (permission denied) every now and then (it is mounted with > sec=krb5), with no discernable pattern: I just had a mount which was fine > for over a month, but then it suddenly became inaccessible. This has > happened occassionally for over half a year, but simply restarting the > server daemons has fixed it, so I haven't bothered looking into it more > carefully. > > Now I hit another problem: the same mountpoint suddenly claims that: > > [EMAIL PROTECTED] 15:08:44 /hds/faddeev/unknots/1r1+1> rm 1r1+1_0.bin > rm: remove write-protected regular file `1r1+1_0.bin'? y > > And refuses to remove the file, even though: > > [EMAIL PROTECTED] 15:12:20 /hds/faddeev/unknots/1r1+1> whoami > juhaj > [EMAIL PROTECTED] 15:12:28 /hds/faddeev/unknots/1r1+1> ls -l 1r1+1_0.bin > -rw-r--r-- 1 juhaj juhaj 128088 2007-03-22 10:30 1r1+1_0.bin > > And this cannot be fixed. I even umounted the file system, shut down both > server AND client processes (incl. idmapd), started them again and > remounted the filesystem - it still won't remove the file. > > Any ideas as to how to fix this?
Unfortunately, I may have a bug answer for you, but I cannot find the actual bug. I've been reading quite a lot on NFSv(234) and I came across a bug in Debian and other distros that when all needed daemons (lockd, nfsd, idmapd, etc...) You still may have to use "kinit" to refresh your ticket after mounting the nfs share. Now, I cannot find it right now, my google-fu is run-a-muck (yes I am being lazy). But I believe if you look in bugs.debian.org you should find it. If after this you cannot find the workaround and/or bug, I guess you'll have to ask again, later today. I just got done being on-call as a conslutant for 72 hours straight and I got six calls in panic, during a production roll out. They assumed it was all my problem, which they forgot to open up the reverse proxies to do work. Someone in NOC would open them up... all is good. Another person in NOC found these holes and would close them. Six shift changes. All of them had memos, all of them were printed on bright neon green paper. Not a one read them, they just noted the difference from "last time they were on" and fixed it. I guess 72 hours @ $250/hour due to idiocy is a good thing. Otherwise it was courtesy, if it would have been my stuff. -- greg, [EMAIL PROTECTED] Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup
