permission issue for a user...
06-05-2011 09:26 AM
I have a server that NFS mounts a file system that contains an ftp directory...
On this server the application group has an admin ID that they use to process files in these directories...
The directory with an issue is the inbound directory:
[root@awopvpa01 sftponly]# ls -al ./arisftp
total 16
drwxr-xr-x 4 633 sftponly24 4096 Jun 5 01:50 .
drwxr-xr-x 27 root root 4096 Feb 3 14:27 ..
drwxrwxr-x 2 633 sftponly24 4096 Jun 5 13:01 inbound
When the ID infawcp tries to access they are getting permission denied:
=> cd /t3public/infawcp/sftponly/arisftp/inbound
AWCC:PROD infawcp@awopvpa01 [/t3public/infawcp/sftponly/arisftp/inbound]:
=> touch ./test_file
touch: cannot touch `./test_file': Permission denied
=>
If I try another directory, that is set up the same way, they have no issue:
# ls -al ./synvsftp
total 2548
drwxr-xr-x 4 612 sftponly3 4096 May 6 15:42 .
drwxr-xr-x 27 root root 4096 Feb 3 14:27 ..
drwxrwxr-x 2 612 sftponly3 4096 Jun 5 13:08 inbound
=> cd /t3public/infawcp/sftponly/synvsftp/inbound
=> touch ./mike
=> ls -al
total 8
drwxrwxr-x 2 612 sftponly3 4096 Jun 5 13:24 .
drwxr-xr-x 4 612 sftponly3 4096 May 6 15:42 ..
-rw-rw-r-- 1 infawcp infinys 0 Jun 5 13:24 mike
=> rm ./mike
=> ls -al
total 8
drwxrwxr-x 2 612 sftponly3 4096 Jun 5 13:24 .
drwxr-xr-x 4 612 sftponly3 4096 May 6 15:42 ..
=>
The ID has group permissions on both of these directories:
=> id
uid=650(infawcp) gid=601(infinys) groups=601(infinys),610(sftponly1),611(sftponly2),612(sftponly3),613(sftponly4),614(sftponly5),617(sftponly8),620(sftponly11),621(sftponly12),622(sftponly13),623(sftponly14),624(sftponly15),625(sftponly16),626(sftponly17),627(sftponly18),629(sftponly20),630(sftponly21),631(sftponly22),632(sftponly23),633(sftponly24)
We are running Red Hat 5.6 on the servers. Does anyone have any ideas what may be causing this?
06-05-2011 11:56 AM
Solution
The NFS protocol versions 2 and 3 limit the maximum effective number of supplementary groups to 16. Run "man 5 nfs" and read the paragraph titled "SECURITY CONSIDERATIONS".
This limitation is written in the NFS protocol standards.
NFS version 4 would allow this limit to be overcome, but only if you use one of the newer authentication modes, like RPCGSS:
http://nfsworld.blogspot.com/2005/03/whats-deal-on-16-group-id-limitation.html
The only workaround I know is to rearrange the supplemental groups so that the groups required for NFS access are within the first 16 supplemental groups for that user.
MK
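The check described in the answer above, as an added example that is not part of the original thread: it parses the `id` output posted in the question and reports which GIDs fit in the 16 slots of an NFSv2/v3 AUTH_SYS credential. It assumes the client sends the groups in the order `id` lists them; the function names are hypothetical.

```shell
#!/bin/sh
# NFSv2/v3 with AUTH_SYS carries at most 16 supplementary GIDs per request.
NFS_AUTH_SYS_MAX_GROUPS=16

# Input: the `id` output for infawcp exactly as posted in the question.
ID_LINE='uid=650(infawcp) gid=601(infinys) groups=601(infinys),610(sftponly1),611(sftponly2),612(sftponly3),613(sftponly4),614(sftponly5),617(sftponly8),620(sftponly11),621(sftponly12),622(sftponly13),623(sftponly14),624(sftponly15),625(sftponly16),626(sftponly17),627(sftponly18),629(sftponly20),630(sftponly21),631(sftponly22),632(sftponly23),633(sftponly24)'

# Print the numeric GIDs of the groups= field, one per line, in listed order.
list_gids() {
    printf '%s\n' "$1" \
        | sed -n 's/.*groups=\([^ ]*\).*/\1/p' \
        | tr ',' '\n' \
        | sed 's/(.*//'
}

# GIDs assumed to reach the NFS server: the first 16 in listed order.
sent_gids() {
    list_gids "$1" | head -n "$NFS_AUTH_SYS_MAX_GROUPS"
}

# GIDs that do not fit in the credential and are never seen by the server.
dropped_gids() {
    list_gids "$1" | tail -n +"$((NFS_AUTH_SYS_MAX_GROUPS + 1))"
}

# Succeed if GID $2 is among the GIDs sent for the id line $1.
gid_is_sent() {
    sent_gids "$1" | grep -qx "$2"
}

# Report how the server will treat a directory owned by group GID $2.
check_dir_group() {
    if gid_is_sent "$1" "$2"; then
        echo "gid $2: sent to server, group permission bits apply"
    else
        echo "gid $2: beyond the 16-group limit, only the 'other' bits apply"
    fi
}

check_dir_group "$ID_LINE" 612   # synvsftp/inbound (sftponly3)
check_dir_group "$ID_LINE" 633   # arisftp/inbound (sftponly24)
```

With `drwxrwxr-x` on both directories, falling back to the "other" bits still allows `cd` but not file creation, which matches the symptom in the question.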
06-05-2011 12:56 PM
Re: permission issue for a user...
Learned something new again today, did not realize there was this limit....
I dropped the supplemental groups down to 16 and the issue was resolved...
Thanks