NFS share blocked based on user?

hasues · n00b Joined: 04 Mar 2004 Posts: 54

I have three hosts. One is the nfs server, and two are nfs clients. On one of the clients, logged in as my user id, I can not access the data on that share.

On the client with the user having the issue:
[myuser] $ cd /home

[myuser] $ ls
myuser photos

[myuser] $ ls -la
total 24
drwxr-xr-x 4 root root 4096 Nov 19 2009 .
drwxr-xr-x 22 root root 4096 Aug 24 01:32 ..
drwxr-xr-x 150 myuser users 4096 Aug 26 18:55 myuser
-rw-r--r-- 1 root root 0 Aug 3 2006 .keep
drwxrwx--x 176 1023 pixpeeps 12288 Aug 20 19:39 photos

[myuser] $ mount |grep nfs
mindpaint:/home/photos on /home/photos type nfs (ro,addr=192.168.74.1)

[myuser] $ cd photos
[myuser] $ ls
ls: cannot open directory .: Permission denied

[myuser] $ groups
disk wheel floppy uucp audio cdrom dialout video games cdrw usb users vboxusers plugdev scanner wireshark pixpeeps

[myuser] $ cd ..
[myuser] $ sudo useradd -g pixpeeps -s /bin/bash testuser
Password:

[myuser] $ sudo passwd testuser
New password:
Retype new password:
passwd: password updated successfully

[myuser] $ su - testuser
Password:
No directory, logging in with HOME=/

testuser@myhost / $ cd /home/photos

testuser@myhost /home/photos $ ls
2002 Christmas
2003 Christmas

testuser@myhost /home/photos $

So I think this proves that the client works correctly on this host. As shown the user is in the appropriate group, but for whatever reason this user can not access the data on the share. If I create a user and put it in the same group, it works fine. The only thing I can think that changed is that the host was updated recently. This used to work fine.

/etc/fstab contains:
192.168.74.1:/home/photos /home/photos nfs ro 0 0

I'm stumped. Is something in policy kit preventing it? Pam? My user on the third host, another client, works correctly there...the UIDs and GIDs match in the /etc/passwd and /etc/group files on all hosts.
_________________
Lettuce, Pickles, hold the mayo!

eccerr0r · Posted: Sat Aug 27, 2011 8:40 am Post subject:

Did you try rebooting/relogin on the client?

Does running 'newgrp pixpeeps' before cd'ing into the directory help? (Then client reboot/relogin may help)
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

Hu · Administrator Joined: 06 Mar 2007 Posts: 23091

Your user's first sixteen groups do not contain pixpeeps. If I recall correctly, a protocol limitation causes only your first sixteen groups to be sent when checking access permissions.

hasues · n00b Joined: 04 Mar 2004 Posts: 54

A reboot shouldn't be needed because the client does work...the addition of a user proves such, and if anything it would prove there is something wrong with the user...the host was rebooted once as I wanted to make sure that I had the correct options in the nfs module.

As far as the number of groups, that appears to be the issue because if these groups are sent in ascending order of gid, pixpeeps would be last, and I recently added that user to the uucp group. I removed the disk group because I don't think the user needs access to the disk group. Thank you both for your help. I spent all day and all night looking that up, and it was mind boggling.

Haz
_________________
Lettuce, Pickles, hold the mayo!