1 |
On Monday 27 July 2009 16:40:43 Harry Putnam wrote: |
2 |
> Alan McKinnon <alan.mckinnon@×××××.com> writes: |
3 |
> > There is nothing much you can do about this except: |
4 |
> > |
5 |
> > Renumber your gid's locally to match the nfs server, |
6 |
> > or renumber the nfs share gids to match your local machine |
7 |
> |
8 |
> Looking into that I noticed, as you thought the gid of the share on |
9 |
> solaris is alphabetic wheel but numeric 15. Which is the gid of |
10 |
> `man' on gentoo. |
11 |
> |
12 |
> But I noticed the gid 16 is not taken on the gentoo os so promoted man |
13 |
> to gid 16 and changed wheel from 10 to 15. |
14 |
> |
15 |
> Logging my user out and back in I see the gid 15 now is wheel so the |
16 |
> same as solaris. |
17 |
|
18 |
When you do this, you only change the username attached to the gid. Remember |
19 |
that the filesystem does not know or care what username you use, it only knows |
20 |
about gids. You now need to find every file group owned by man's old gid and |
21 |
chown it to man's new gid. Put another way, the man groups files now appear to |
22 |
belong to the wheel group, and the wheel group's files are orphaned. This |
23 |
ought to do it: |
24 |
|
25 |
- umount nfs shares |
26 |
- find / -gid 15 -exec chown :16 {} +; |
27 |
- find / -gid 10 -exec chown :15 {} +; |
28 |
- mount nfs shares |
29 |
|
30 |
You must establish for yourself if any files were created meanwhile with gid |
31 |
10 or 15 and take steps to deal with those specially. |
32 |
|
33 |
> Having my user mount the nfs ... it ends up `reader:wheel'. Both are |
34 |
> my users uid and one of his gids so now both the uid and gid match |
35 |
> those on the solaris OS where user reader:wheel owns the source |
36 |
> directory. (also /projects on solaris box). |
37 |
> |
38 |
> But with all that in place.... a copy using `-a' still causes the the |
39 |
> same error warning. |
40 |
|
41 |
Let's try something stupid :-) |
42 |
|
43 |
cp -a is a GNU extension IIRC, and Solaris userland does not support it. |
44 |
Try cp -pr just for fun |
45 |
|
46 |
Also, there's an ACL on that file (the +). What are those rules, determined by |
47 |
getfacl? It shouldn't make a difference as ACLs cannot take away a user's |
48 |
permissions. But SELinux can ... offhand I cannot think of anything on Solaris |
49 |
that works similarly - anything ring a bell here about your nfs server? |
50 |
|
51 |
What are your mount options on the client side, and the relevant line in |
52 |
exports on the server side? |
53 |
|
54 |
> |
55 |
> ls -l /projects/it |
56 |
> -rw-r--r--+ 1 reader wheel 0 Jul 27 09:17 /projects/it |
57 |
> |
58 |
> cp -a /projects/it /projects/it2 |
59 |
> cp: preserving permissions for `/projects/it2': |
60 |
> Operation not supported |
61 |
> |
62 |
> ls -l /projects/it2 |
63 |
> -rw-r--r--+ 1 reader wheel 0 Jul 27 09:17 /projects/it2 |
64 |
> |
65 |
> ============================================== |
66 |
> |
67 |
> user reader (on gentoo) running command id -a |
68 |
> uid=1000(reader) gid=1000(reader) groups=15(wheel),16(man), |
69 |
> 250(portage),1000(reader) |
70 |
> |
71 |
> user reader (on solaris) running command id -a |
72 |
> uid=1000(reader) gid=10(staff) groups=10(staff),3(sys),4 |
73 |
> (adm),15(wheel) |
74 |
> |
75 |
> ============================================== |
76 |
> |
77 |
> And the nfs source directory is also set-gid (by user reader) |
78 |
> ls -ld /projects (on solaris server) |
79 |
> drwxr-sr-x 14 reader wheel 17 2009-07-27 09:29 /projects |
80 |
|
81 |
-- |
82 |
alan dot mckinnon at gmail dot com |