| 1 |
On Monday 27 July 2009 16:40:43 Harry Putnam wrote: |
| 2 |
> Alan McKinnon <alan.mckinnon@×××××.com> writes: |
| 3 |
> > There is nothing much you can do about this except: |
| 4 |
> > |
| 5 |
> > Renumber your gid's locally to match the nfs server, |
| 6 |
> > or renumber the nfs share gids to match your local machine |
| 7 |
> |
| 8 |
> Looking into that I noticed, as you thought the gid of the share on |
| 9 |
> solaris is alphabetic wheel but numeric 15. Which is the gid of |
| 10 |
> `man' on gentoo. |
| 11 |
> |
| 12 |
> But I noticed the gid 16 is not taken on the gentoo os so promoted man |
| 13 |
> to gid 16 and changed wheel from 10 to 15. |
| 14 |
> |
| 15 |
> Logging my user out and back in I see the gid 15 now is wheel so the |
| 16 |
> same as solaris. |
| 17 |
|
| 18 |
When you do this, you only change the username attached to the gid. Remember |
| 19 |
that the filesystem does not know or care what username you use, it only knows |
| 20 |
about gids. You now need to find every file group owned by man's old gid and |
| 21 |
chown it to man's new gid. Put another way, the man groups files now appear to |
| 22 |
belong to the wheel group, and the wheel group's files are orphaned. This |
| 23 |
ought to do it: |
| 24 |
|
| 25 |
- umount nfs shares |
| 26 |
- find / -gid 15 -exec chown :16 {} +; |
| 27 |
- find / -gid 10 -exec chown :15 {} +; |
| 28 |
- mount nfs shares |
| 29 |
|
| 30 |
You must establish for yourself if any files were created meanwhile with gid |
| 31 |
10 or 15 and take steps to deal with those specially. |
| 32 |
|
| 33 |
> Having my user mount the nfs ... it ends up `reader:wheel'. Both are |
| 34 |
> my users uid and one of his gids so now both the uid and gid match |
| 35 |
> those on the solaris OS where user reader:wheel owns the source |
| 36 |
> directory. (also /projects on solaris box). |
| 37 |
> |
| 38 |
> But with all that in place.... a copy using `-a' still causes the the |
| 39 |
> same error warning. |
| 40 |
|
| 41 |
Let's try something stupid :-) |
| 42 |
|
| 43 |
cp -a is a GNU extension IIRC, and Solaris userland does not support it. |
| 44 |
Try cp -pr just for fun |
| 45 |
|
| 46 |
Also, there's an ACL on that file (the +). What are those rules, determined by |
| 47 |
getfacl? It shouldn't make a difference as ACLs cannot take away a user's |
| 48 |
permissions. But SELinux can ... offhand I cannot think of anything on Solaris |
| 49 |
that works similarly - anything ring a bell here about your nfs server? |
| 50 |
|
| 51 |
What are your mount options on the client side, and the relevant line in |
| 52 |
exports on the server side? |
| 53 |
|
| 54 |
> |
| 55 |
> ls -l /projects/it |
| 56 |
> -rw-r--r--+ 1 reader wheel 0 Jul 27 09:17 /projects/it |
| 57 |
> |
| 58 |
> cp -a /projects/it /projects/it2 |
| 59 |
> cp: preserving permissions for `/projects/it2': |
| 60 |
> Operation not supported |
| 61 |
> |
| 62 |
> ls -l /projects/it2 |
| 63 |
> -rw-r--r--+ 1 reader wheel 0 Jul 27 09:17 /projects/it2 |
| 64 |
> |
| 65 |
> ============================================== |
| 66 |
> |
| 67 |
> user reader (on gentoo) running command id -a |
| 68 |
> uid=1000(reader) gid=1000(reader) groups=15(wheel),16(man), |
| 69 |
> 250(portage),1000(reader) |
| 70 |
> |
| 71 |
> user reader (on solaris) running command id -a |
| 72 |
> uid=1000(reader) gid=10(staff) groups=10(staff),3(sys),4 |
| 73 |
> (adm),15(wheel) |
| 74 |
> |
| 75 |
> ============================================== |
| 76 |
> |
| 77 |
> And the nfs source directory is also set-gid (by user reader) |
| 78 |
> ls -ld /projects (on solaris server) |
| 79 |
> drwxr-sr-x 14 reader wheel 17 2009-07-27 09:29 /projects |
| 80 |
|
| 81 |
-- |
| 82 |
alan dot mckinnon at gmail dot com |
Archives