Comment 5 for bug 1454112

Emile Snyder (emile-snyder) wrote :

I suspect that this may be working as designed, and the problem is a misunderstanding of what --manage-gids is supposed to do?

I brought up 2 VMs, server & client. On each, I have a user 'emsnyder' (ldap managed) and 'stack' (not ldap), and a group 'disk.' All the uids and gids match for these users and groups.

emsnyder@server> sudo chown emsnyder:disk /srv/somedisk
emsnyder@server> sudo chmod 775 /srv/somedisk
emsnyder@server> id
uid=110259082(emsnyder) gid=65534(nogroup) groups=65534(nogroup)
emsnyder@server> sudo /etc/init.d/nfs-kernel-server start

emsnyder@client> id
uid=110259082(emsnyder) gid=65534(nogroup) groups=65534(nogroup),6(disk)
emsnyder@client> sudo mount -t nfs server:/srv/somedisk /mnt
emsnyder@client> ls -ld /mnt
drwxrwxr-x 4 emsnyder disk 4096 May 27 12:08 /mnt
emsnyder@client> date > /mnt/f
emsnyder@client> ls -l /mnt
total 20
-rw-r--r-- 1 emsnyder nogroup 31 May 27 12:40 f
drwx------ 2 root root 16384 May 27 11:13 lost+found
emsnyder@client> chown emsnyder:disk /mnt/f
chown: changing ownership of ‘/mnt/f’: Operation not permitted

But if I then
emsnyder@server> sudo adduser emsnyder disk
emsnyder@server> sudo exportfs -r

emsnyder@client> chown emsnyder:disk /mnt/f
emsnyder@client> ls -l /mnt
total 20
-rw-r--r-- 1 emsnyder disk 31 May 27 12:40 f
drwx------ 2 root root 16384 May 27 11:13 lost+found

The --manage-gids option (confusingly named, IMHO) means that the server side ignores the group membership information from the client, and looks just at what groups the user has on the server side. Since emsnyder started out without the 'disk' group membership on the server, the chown is denied. Once I added emsnyder to the disk group on the server side, the operation succeeds.

Also, the --manage-gids option is a configuration for the /usr/sbin/rpc.mountd program, which is part of the nfs-kernel-server package, not nfs-utils.
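
Added example, not part of the comment above and not code from nfs-utils: a simplified Python model of the group resolution the comment describes, using the uid and gid values from the transcript as constructed sample data. The function names are hypothetical, and the model assumes AUTH_SYS credentials, which carry at most 16 supplementary gids.

```python
"""Simplified model of server-side group resolution (not rpc.mountd's code)."""

AUTH_SYS_MAX_GIDS = 16  # AUTH_SYS credentials carry at most 16 supplementary gids


def effective_gids(cred, server_groups, manage_gids):
    """Gids the server checks for this request (hypothetical helper)."""
    if manage_gids:
        # Client-supplied list is ignored; membership is looked up on the server.
        supplementary = server_groups.get(cred["uid"], [])
    else:
        # Client list is trusted as sent, limited to what AUTH_SYS can carry.
        supplementary = cred["gids"][:AUTH_SYS_MAX_GIDS]
    # Assumption: the primary gid from the credential is kept in both modes.
    return {cred["gid"], *supplementary}


def may_chgrp(cred, file_owner, target_gid, server_groups, manage_gids):
    """A non-root user may chgrp only a file they own, to a group they are in."""
    if cred["uid"] != file_owner:
        return False
    return target_gid in effective_gids(cred, server_groups, manage_gids)


# Constructed sample data using the ids shown in the transcript.
EMSNYDER, NOGROUP, DISK = 110259082, 65534, 6
CLIENT_CRED = {"uid": EMSNYDER, "gid": NOGROUP, "gids": [NOGROUP, DISK]}
SERVER_BEFORE = {EMSNYDER: [NOGROUP]}        # before 'adduser emsnyder disk'
SERVER_AFTER = {EMSNYDER: [NOGROUP, DISK]}   # after it
# A client user in 20 groups; 'disk' is the 18th and falls off the wire list.
MANY_CRED = {"uid": EMSNYDER, "gid": NOGROUP,
             "gids": list(range(1000, 1017)) + [DISK, 2000, 2001]}


def scenarios():
    """chgrp-to-disk decision for each case, keyed by a short description."""
    return {
        "manage-gids, server lacks disk": may_chgrp(CLIENT_CRED, EMSNYDER, DISK, SERVER_BEFORE, True),
        "manage-gids, server has disk": may_chgrp(CLIENT_CRED, EMSNYDER, DISK, SERVER_AFTER, True),
        "no manage-gids, client claims disk": may_chgrp(CLIENT_CRED, EMSNYDER, DISK, SERVER_BEFORE, False),
        "no manage-gids, disk past 16th gid": may_chgrp(MANY_CRED, EMSNYDER, DISK, SERVER_AFTER, False),
        "manage-gids, disk past 16th gid": may_chgrp(MANY_CRED, EMSNYDER, DISK, SERVER_AFTER, True),
    }


if __name__ == "__main__":
    for case, allowed in scenarios().items():
        print(f"{case}: {'allowed' if allowed else 'Operation not permitted'}")
```

The first two cases match the transcript: with the option set, only the server's own group database decides the outcome, so the client's group list neither grants nor loses access.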