HPE Community
Operating System - Linux
1752577 Members
4259 Online
108788 Solutions
New Discussion юеВ

permission issue for a user...

 
SOLVED
Go to solution
MikeL_4
Super Advisor

тАО06-05-2011 09:26 AM

тАО06-05-2011 09:26 AM

permission issue for a user...

I have a server that NFS mounts a file system that contains an ftp directory...
On this server the application group has an admin ID that they use to process files in these directories...

The directory with an issue is the inbound directory:

[root@awopvpa01 sftponly]# ls -al ./arisftp
total 16
drwxr-xr-x 4 633 sftponly24 4096 Jun 5 01:50 .
drwxr-xr-x 27 root root 4096 Feb 3 14:27 ..
drwxrwxr-x 2 633 sftponly24 4096 Jun 5 13:01 inbound

When the ID infawcp tries to access they are getting permission denied:

=> cd /t3public/infawcp/sftponly/arisftp/inbound
AWCC:PROD infawcp@awopvpa01 [/t3public/infawcp/sftponly/arisftp/inbound]:
=> touch ./test_file
touch: cannot touch `./test_file': Permission denied
=>

If I try another directory, that is setup the same way, they have no issue:
# ls -al ./synvsftp
total 2548
drwxr-xr-x 4 612 sftponly3 4096 May 6 15:42 .
drwxr-xr-x 27 root root 4096 Feb 3 14:27 ..
drwxrwxr-x 2 612 sftponly3 4096 Jun 5 13:08 inbound

=> cd /t3public/infawcp/sftponly/synvsftp/inbound
=> touch ./mike
=> ls -al
total 8
drwxrwxr-x 2 612 sftponly3 4096 Jun 5 13:24 .
drwxr-xr-x 4 612 sftponly3 4096 May 6 15:42 ..
-rw-rw-r-- 1 infawcp infinys 0 Jun 5 13:24 mike
=> rm ./mike
=> ls -al
total 8
drwxrwxr-x 2 612 sftponly3 4096 Jun 5 13:24 .
drwxr-xr-x 4 612 sftponly3 4096 May 6 15:42 ..
=>

The ID has group permissions on both of these directories:
=> id
uid=650(infawcp) gid=601(infinys) groups=601(infinys),610(sftponly1),611(sftponly2),612(sftponly3),613(sftponly4),614(sftponly5),617(sftponly8),620(sftponly11),621(sftponly12),622(sftponly13),623(sftponly14),624(sftponly15),625(sftponly16),626(sftponly17),627(sftponly18),629(sftponly20),630(sftponly21),631(sftponly22),632(sftponly23),633(sftponly24)

We are running Red Hat 5.6 on the servers, anyone have any ideas what may be causing this ??
0 Kudos
2 REPLIES 2
Matti_Kurkela
Honored Contributor

тАО06-05-2011 11:56 AM

тАО06-05-2011 11:56 AM

Solution

Re: permission issue for a user...

The NFS protocol versions 2 and 3 limit the maximum effective number of supplementary groups to 16. Run "man 5 nfs" and read the paragraph titled "SECURITY CONSIDERATIONS".

This limitation is written in the NFS protocol standards.

NFS version 4 would allow this limit to be overcome, but only if you use one of the newer authentication modes, like RPCGSS:

http://nfsworld.blogspot.com/2005/03/whats-deal-on-16-group-id-limitation.html

The only workaround I know is to rearrange the supplemental groups so that the groups required for NFS access are within the first 16 supplemental groups for that user.

MK
MK
0 Kudos
MikeL_4
Super Advisor

тАО06-05-2011 12:56 PM

тАО06-05-2011 12:56 PM

Re: permission issue for a user...

Learned something new again today, did not realize there was this limit....

I dropped the supplemental groups down to 16 and the issue was resolved...

Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.