
Re: sticky bit and nfs

 
Eric Chamard
Occasional Advisor

sticky bit and nfs

Hello,

I have a problem I can't solve:
mkdir models
chmod 1777 models
chown user-x:groupe-x models
umask 003 for all users

A local user-y (same group as user-x) can access and modify the files in models from user-x but cannot remove the files. It's OK, the sticky bit is working properly.

But models is shared by NFS and mounted on other machines. And user-y on the remote machine can remove all files in models.

Where is the problem?
Any idea?

regards

9 REPLIES 9
Gary Yu
Super Advisor

Re: sticky bit and nfs

Hi Eric,

Maybe the user-y on the NFS client host has the same UID as user-x on the NFS server host.

If you do an "ll" on the NFS client, what file ownership is shown there? I guess it will be user-y even if it belongs to user-x on the NFS server. Could you try another user on the client other than user-y?

Gary
S.K. Chan
Honored Contributor

Re: sticky bit and nfs

How is the filesystem exported (i.e. the entries in /etc/exports)?
Eric Chamard
Occasional Advisor

Re: sticky bit and nfs

Hello,

Users are different (uid) because all stations are using NIS. I tried with different users but it's always the same problem.

The export in /etc/exports is
/catia_cache -anon=65534

The mount is done by the automountd daemon. The file auto.direct contains:
/catia_cache supcatia:/catia_cache

Thanks
Eric Chamard
Occasional Advisor

Re: sticky bit and nfs

I forgot to specify that models is under /catia_cache.

I also tried forcing a sticky bit on /catia_cache (owned by root), without success.
S.K. Chan
Honored Contributor

Re: sticky bit and nfs

This is what I know: given the way /catia_cache is exported and that your users are on NIS, and regardless of where user-y logs in, whether or not the files in "models" can be deleted would depend on the permission and ownership settings on those files. For example:
fileA
owner=user-x group=groupe-x
permission=-rw-rw-r--
User "user-y" (same group) is able to remove fileA because he/she has explicit write permission on fileA. If you change the permission to -rw-r--r-- then "user-y" would not be able to delete it.
Eric Chamard
Occasional Advisor

Re: sticky bit and nfs

Yes, but in this case the other users cannot modify the files.

I think I was not clear :-). In fact, the result I want is:
Everybody can create a file.
Everybody can read or modify an existing file (owner or not of this file), because sometimes the application doesn't create new files but updates them.
Nobody can remove any files.

Does a simple way exist to do it remotely? Because the local case is working well, as I explained in my first message. The only problem is NFS.

Regards




Govind
Frequent Advisor

Re: sticky bit and nfs

Here is what I would suggest,
Try doing a chmod 1777 as root on supcatia for the directory /catia_cache. You cannot turn on a sticky bit if the original automounted directory doesn't have it. However, if supcatia:/catia_cache has the sticky bit turned on, even if it's automounted on any other workstations it will be carried over. Follow the steps outlined below, it may help you solve the issue.
1) chmod +t /catia_cache on supcatia. Do ls -ld /catia_cache to make sure the sticky bit is turned on.
2) On any other workstation do a showmount -e supcatia to see if /catia_cache is seen on that workstation.
3) Just create any directory mnt, for example, and do
mount supcatia:/catia_cache /mnt1
4) ls -ld /mnt1
You should see the sticky bit turned on for /mnt1 once the mount occurs.
Dont try to fix something till it Aint Broke...Honesty is not always the best policy.....
Eric Chamard
Occasional Advisor

Re: sticky bit and nfs

Hello Govind,

That's right, the sticky bit is applied on supcatia (verified) and on the mount point (verified), but it doesn't work remotely, only locally.
Eric Chamard
Occasional Advisor

Re: sticky bit and nfs

Hello Boys,
I have some news.

The other users can remove files remotely because the FS was mounted by automountd and not in fstab.
This corrects a part of my problem, and the fact that the owner can delete his file will be corrected by an automatic modification of the owner to root after the file creation, with rights rw-rw-rw.

Thanks to all.
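
Added example, not code from any poster in this thread: a small model of the local sticky-directory deletion check, run over the thread's cases (user-y against user-x's file, then a file handed to root with rw-rw-rw). It assumes the common rule that only root, the file's owner or the directory's owner may remove an entry from a sticky directory; the numeric ids are constructed, and NFS client behaviour is not modelled.

```python
import os
import stat
from collections import namedtuple

# The three os.stat() fields the rule needs; from_path() fills them from a real path.
Node = namedtuple("Node", "st_mode st_uid st_gid")
USER_X, USER_Y, GROUPE_X = 1001, 1002, 500   # constructed ids for the thread's users

def from_path(path):
    """Read a real directory or file, e.g. to compare server and client views."""
    st = os.lstat(path)
    return Node(st.st_mode, st.st_uid, st.st_gid)

def has_perm(node, uid, gids, want):
    """Owner/group/other check; want is a mask of r=4, w=2, x=1."""
    if uid == 0:
        return True
    shift = 6 if uid == node.st_uid else 3 if node.st_gid in gids else 0
    return ((node.st_mode >> shift) & want) == want

def may_unlink(directory, entry, uid, gids):
    """Assumed rule: w+x on the directory is required, and in a sticky directory
    only root, the file's owner or the directory's owner may remove the entry."""
    if not has_perm(directory, uid, gids, 2 | 1):
        return False
    if not directory.st_mode & stat.S_ISVTX:
        return True   # no sticky bit: write access to the directory is enough
    return uid in (0, entry.st_uid, directory.st_uid)

def scenarios(dir_owner=USER_X):
    models = Node(stat.S_IFDIR | 0o1777, dir_owner, GROUPE_X)
    mine = Node(stat.S_IFREG | 0o664, USER_X, GROUPE_X)   # 0666 under umask 003
    handed = Node(stat.S_IFREG | 0o666, 0, GROUPE_X)      # chowned to root, rw-rw-rw
    grp = {GROUPE_X}
    return {
        "y edits x's file": has_perm(mine, USER_Y, grp, 2),
        "y removes x's file": may_unlink(models, mine, USER_Y, grp),
        "x removes own file": may_unlink(models, mine, USER_X, grp),
        "y edits root-owned file": has_perm(handed, USER_Y, grp, 2),
        "x removes root-owned file": may_unlink(models, handed, USER_X, grp),
    }

if __name__ == "__main__":
    for owner in (USER_X, 0):
        print("models owned by uid", owner, scenarios(owner))
```

Under the assumed rule, user-x can still remove a root-owned file while models itself belongs to user-x; the removal is refused only when the directory is owned by root as well.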