System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

NFS mount remembers GIDs even after they are removed from a user until a remount

Timothy Czarnik
Esteemed Contributor

NFS mount remembers GIDs even after they are removed from a user until a remount

Hey all,

I am seeing something kooky and perhaps its a known thing that I've just not seen before. I have a RHEL4 server that has a directory mounted from an HP-UX server. The mount works fine, we can see data, etc... We have the owner and group permissions set and don't allow "others" into the NFS mount (permissions of 750). I can't change directory into these mounts as my own personal ID because of permissions, which is correct.

When I added myself to the group that has permission to go into the NFS mounts I was immediately able to do so, which is good. However, when I removed myself from the group that has permission to these directories I am still able to go into the NFS mounts. I logged out and back in and was STILL able to go into these NFS mounts even though I no longer had the rights to do so.

After unmounting and remounting the NFS filesystems the permissions once again kept me from getting into the NFS mounts. Is that normal? Does NFS cache permissions such that a person could retain permission to access directories even though those permissions have been removed?

Thanks in advance!

Tim
Hey! Who turned out the lights!
3 REPLIES
Stuart Browne
Honored Contributor

Re: NFS mount remembers GIDs even after they are removed from a user until a remount

I don't suppose you're running 'nscd' ?
One long-haired git at your service...
Timothy Czarnik
Esteemed Contributor

Re: NFS mount remembers GIDs even after they are removed from a user until a remount

Nope, nscd is not running on the server.
Hey! Who turned out the lights!
Dave Olker
HPE Pro

Re: NFS mount remembers GIDs even after they are removed from a user until a remount

Hi Tim,

If you mount the filesystem with the "noac" option do you still get the same behavior?

Regards,

Dave