I suspect that this may be working as designed, and the problem is a
misunderstanding of what --manage-gids is supposed to do?

I brought up 2 VMs, server & client. On each, I have a user 'emsnyder'
(ldap managed) and 'stack' (not ldap), and a group 'disk.' All the uids
and gids match for these users and groups.

emsnyder@server> sudo chown emsnyder:disk /srv/somedisk
emsnyder@server> sudo chmod 775 /srv/somedisk
emsnyder@server> id
uid=110259082(emsnyder) gid=65534(nogroup) groups=65534(nogroup)
emsnyder@server> sudo /etc/init.d/nfs-kernel-server start


emsnyder@client> id
uid=110259082(emsnyder) gid=65534(nogroup) groups=65534(nogroup),6(disk)
emsnyder@client> sudo mount -t nfs server:/srv/somedisk /mnt
emsnyder@client> ls -ld /mnt
drwxrwxr-x 4 emsnyder disk 4096 May 27 12:08 /mnt
emsnyder@client> date > /mnt/f
emsnyder@client> ls -l /mnt
total 20
-rw-r--r-- 1 emsnyder nogroup    31 May 27 12:40 f
drwx------ 2 root     root    16384 May 27 11:13 lost+found
emsnyder@client> chown emsnyder:disk /mnt/f
chown: changing ownership of ‘/mnt/f’: Operation not permitted

But if I then
emsnyder@server> sudo adduser emsnyder disk
emsnyder@server> sudo exportfs -r

emsnyder@client> chown emsnyder:disk /mnt/f
emsnyder@client> ls -l /mnt
total 20
-rw-r--r-- 1 emsnyder disk       31 May 27 12:40 f
drwx------ 2 root     root    16384 May 27 11:13 lost+found

The --manage-gids option (confusingly named, IMHO) means that the server side
ignores the group membership information from the client, and looks just
at what groups the user has on the server side. Since emsnyder started
out without the 'disk' group membership on the server, the chown is
denied. Once I added emsnyder to the disk group on the server side, the
operation succeeds.

Also, the --manage-gids option is a configuration for the
/usr/sbin/rpc.mountd program, which is part of the nfs-kernel-server
package, not nfs-utils.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1454112

Title:
  Group permissions not respected with "--manage-gids" enabled
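
The behaviour described in the comment above, as an added example that is not part of the original bug comment or of nfs-utils: a simplified Python model of which group list the server uses for an AUTH_SYS request with and without --manage-gids. The uid and gid values come from the session above; the function names and the dictionary standing in for the server's group database are assumptions made for illustration.

```python
# Simplified model (added example) of how the server picks the group list
# for an AUTH_SYS request, with and without rpc.mountd --manage-gids.
from dataclasses import dataclass

AUTH_SYS_MAX_GIDS = 16  # AUTH_SYS carries at most 16 supplementary gids


@dataclass(frozen=True)
class Cred:
    """Credential as asserted by the client in the RPC header."""
    uid: int
    gid: int
    aux_gids: tuple = ()


def effective_gids(cred, server_groups, manage_gids):
    """Return the set of gids the server uses for permission checks.

    server_groups is a constructed stand-in for the server's group database,
    mapping uid -> supplementary gids (what `id -G` would show on the server).
    """
    if manage_gids:
        # Client-supplied list is discarded; the server looks up the uid itself.
        aux = server_groups.get(cred.uid, ())
    else:
        # Client-supplied list is trusted as sent (at most 16 entries).
        aux = cred.aux_gids[:AUTH_SYS_MAX_GIDS]
    return {cred.gid, *aux}


def may_chgrp(cred, file_owner_uid, target_gid, server_groups, manage_gids):
    """A non-root owner may change a file's group only to a group they are in."""
    if cred.uid != file_owner_uid:
        return False
    return target_gid in effective_gids(cred, server_groups, manage_gids)


# Values taken from the session above: emsnyder, nogroup, disk.
EMSNYDER, NOGROUP, DISK = 110259082, 65534, 6
client_cred = Cred(uid=EMSNYDER, gid=NOGROUP, aux_gids=(NOGROUP, DISK))
before_adduser = {EMSNYDER: (NOGROUP,)}      # server side: not in 'disk'
after_adduser = {EMSNYDER: (NOGROUP, DISK)}  # server side: added to 'disk'

if __name__ == "__main__":
    for label, db in (("before adduser", before_adduser),
                      ("after adduser", after_adduser)):
        print(label, may_chgrp(client_cred, EMSNYDER, DISK, db, manage_gids=True))
```

With manage_gids=False the same request is allowed on the strength of the client's own claim to be in 'disk', which is the trust that --manage-gids removes.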
