Thanks Sami!

On 4/3/06, Sami Samhuri <sami@××××××××××.com> wrote:
> Mark Knecht wrote:
> > Hello,
> [...]
> > There have been no changes or updates of any kind to the remote
> > machine that has the NFS directory exported. Normal updates have been
> > occurring on my AMD64 machine so presumably the problem is on this
> > machine as none of the remote files are writable anymore. One thing I
> > notice is that on the remote machine there are some directories and
> > files which have user names and some which only have numbers like 501,
> > 502, etc.
> >
> > Where would I start looking for what's changed?
>
> The file system stores a user id for the owner and group. ls looks up the user
> id in /etc/passwd and shows you the username instead. You can make ls show user
> id's instead of names with `ls -ln`.

OK, I basically knew this...

>
> When you see numbers such as 501 in the directory listing that means the user or
> group who had that user id is not found in /etc/passwd or /etc/group.

OK, that means it's using the passwd file local to that specific
machine then. Here's what I have:

NFS Server: Only one user account:

mythtv:x:1000:100::/home/mythtv:/bin/bash

MythTV Backend Server: 3 user accounts:

mark:x:500:100:Mark:/home/mark:/bin/bash
evelyn:x:501:100:Evelyn:/home/evelyn:/bin/bash
matt:x:502:100:Matt:/home/matt:/bin/bash

AMD64 machine: 2 user accounts:

mark:x:1000:100::/home/mark:/bin/bash
matt:x:1001:100::/home/matt:/bin/bash

>
> The user id's on all the machines you use with NFS have to be the same. I found
> this in the HP-UX documentation via google:
>
> >>>> From: http://docs.hp.com/en/5991-1153/ch02s01.html#bghdjbfa
>
> To Set User IDs and Group IDs (if neither NIS nor NIS+ is used)
>
> * Create one /etc/passwd file and one /etc/group file that contain all the users
> and groups on the network, and then copy these files to all the machines on the
> network.
>
> or
>
> * Edit the /etc/passwd and /etc/group files on each machine to ensure that the
> following conditions are true:
>
> o Each user has the same user ID on all machines where that user has an account.
>
> o No two users anywhere on the network have the same user ID.
>
> o Each group has the same group ID on all machines where that group exists.
>
> o No two groups on the network have the same group ID.
>
> When users request NFS access to remote files, their user IDs and group IDs are
> used to check file ownership and permissions, just as they are locally.
>
> If a user has one user ID on an NFS client and a different user ID on an NFS
> server, the server will not grant the user access to his or her files on the
> server, because it thinks the files belong to someone else.
>
> If a user on one machine has the same user ID as a user on another machine, one
> user may gain access to the other user's files.
>
> >>>>
>
> Perhaps your user ids don't match. I've been bitten by this before sharing
> between Mac OS X, Gentoo, and Ubuntu. Hope this helps.

OK, I think you've hit on a potential problem here. Problem is what is
the best way to address this on machines that have been running for a
long time? Can I safely edit /etc/passwd and /etc/group and then do
chown -R commands to change the ownership of files on the systems
after I make all the IDs and groups identical?

Thanks,
Mark


>
> --
> Sam
> --
> gentoo-amd64@g.o mailing list
>
>

--
gentoo-amd64@g.o mailing list
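
Added example (not part of the original message): a Python check of the two user-ID rules quoted from the HP-UX documentation, run against the three passwd listings given in the message. The host labels and the `min_uid` cutoff of 500 are assumptions made for this example.

```python
from collections import defaultdict

# passwd lines copied from the message; the host labels are hypothetical.
PASSWD = {
    "nfs-server": "mythtv:x:1000:100::/home/mythtv:/bin/bash\n",
    "mythtv-backend": (
        "mark:x:500:100:Mark:/home/mark:/bin/bash\n"
        "evelyn:x:501:100:Evelyn:/home/evelyn:/bin/bash\n"
        "matt:x:502:100:Matt:/home/matt:/bin/bash\n"
    ),
    "amd64": (
        "mark:x:1000:100::/home/mark:/bin/bash\n"
        "matt:x:1001:100::/home/matt:/bin/bash\n"
    ),
}

def parse_passwd(text):
    """Return {name: uid} from passwd(5) text; skip blank, comment and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def audit(passwd_by_host, min_uid=500):
    """Check the quoted rules: one UID per user everywhere, one user per UID."""
    by_name = defaultdict(dict)  # name -> {host: uid}
    by_uid = defaultdict(set)    # uid  -> {names}
    for host, text in passwd_by_host.items():
        for name, uid in parse_passwd(text).items():
            if uid < min_uid:  # assumption: skip system accounts below this UID
                continue
            by_name[name][host] = uid
            by_uid[uid].add(name)
    # Same name, different UIDs: the server sees that user's files as someone else's.
    inconsistent = {n: dict(h) for n, h in by_name.items() if len(set(h.values())) > 1}
    # Same UID, different names: over NFS one account can act on the other's files.
    collisions = {u: sorted(ns) for u, ns in by_uid.items() if len(ns) > 1}
    return inconsistent, collisions

if __name__ == "__main__":
    inconsistent, collisions = audit(PASSWD)
    for name, hosts in sorted(inconsistent.items()):
        print(f"{name}: UID differs across hosts: {hosts}")
    for uid, names in sorted(collisions.items()):
        print(f"UID {uid} is shared by different users: {names}")
```

On real hosts, pass each machine's /etc/passwd contents (or `getent passwd` output) in place of the embedded listings; the same check applies to field 3 of /etc/group for group IDs.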