Gentoo Forums
permission issue using nfsv4
javeree
Guru


Joined: 29 Jan 2006
Posts: 406

Posted: Fri Mar 06, 2020 6:14 pm    Post subject: permission issue using nfsv4

Background:
I wanted to run a dovecot server on nfsclient, and export the mail spool as '/mnt/mail' via nfsv4.
User 'jan' has uid 1002 on nfsclient and uid 1000 on nfsserver, so my first attempt resulted in /mnt/mail/jan/* being owned by another user who happened to have uid 1000 on the nfs server.
=> I ran idmapd on both nfsclient and nfsserver, restarted the server and remounted the share.

As user jan, I get for "ls -ld /mnt/mail/jan /mnt/mail/jan/*"

Quote:
ls: cannot access '/mnt/mail/jan/*': Permission denied
drwx------ 300 jan root 20480 Mar 6 18:12 /mnt/mail/jan


Still, I see that files /mnt/mail/jan/* are owned by user jan:
Now running as root on nfsclient: ls -ld /mnt/mail/jan /mnt/mail/jan/* (I get the exact same output when I run this on nfsserver):
Quote:
drwx------ 300 jan root 20480 Mar 6 18:12 /mnt/mail/jan
drwx------ 2 jan root 290816 Mar 6 18:11 /mnt/mail/jan/cur
-rw------- 1 jan users 21160 Mar 6 18:09 /mnt/mail/jan/dovecot.index
-rw------- 1 jan users 165288 Mar 6 18:11 /mnt/mail/jan/dovecot.index.cache
-rw------- 1 jan users 12544 Mar 6 18:12 /mnt/mail/jan/dovecot.index.log
-rw------- 1 jan users 32832 Mar 5 19:34 /mnt/mail/jan/dovecot.index.log.2
-rw------- 1 jan users 14677 Mar 29 2014 /mnt/mail/jan/dovecot.index.thread
-rw------- 1 jan users 71 May 30 2019 /mnt/mail/jan/dovecot-keywords
-rw------- 1 jan users 32232 Mar 4 12:31 /mnt/mail/jan/dovecot.list.index
-rw------- 1 jan users 5312 Mar 6 18:11 /mnt/mail/jan/dovecot.list.index.log
-rw------- 1 jan users 3864 Feb 28 09:59 /mnt/mail/jan/dovecot.mailbox.log
-rw------- 1 jan users 4104 Nov 12 2017 /mnt/mail/jan/dovecot.mailbox.log.2
-rw------- 1 jan users 73324 Mar 6 17:56 /mnt/mail/jan/dovecot-uidlist
-rw------- 1 jan users 8 Feb 27 21:53 /mnt/mail/jan/dovecot-uidvalidity
-rw------- 1 jan users 0 Aug 4 2010 /mnt/mail/jan/dovecot-uidvalidity.4c589e62
-r--r--r-- 1 jan users 0 Oct 24 2012 /mnt/mail/jan/dovecot-uidvalidity.50881400
drwx------ 2 jan root 73728 Mar 6 17:56 /mnt/mail/jan/new
-rw------- 1 jan users 6568 Feb 28 09:59 /mnt/mail/jan/subscriptions
drwx------ 2 jan root 69632 Mar 6 17:56 /mnt/mail/jan/tmp



I got some extra information from dovecot running on nfsclient. I can start dovecot alright, but when I try to read my inbox, I get the following in dovecot log:
Quote:
Mar 06 18:26:11 [dovecot] imap-login: Login: user=<jan>, method=PLAIN, rip=192.168.1.20, lip=192.168.4.58, mpid=24281, TLS, session=<L3wE8zKgwJDAqAEU>
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: stat(/mnt/mail/jan/subscriptions) failed: Permission denied
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: open(/mnt/mail/jan/dovecot.list.index.log) failed: Permission denied (euid=1000(jan) egid=1000(jan) missing +x perm: /mnt/mail/jan, UNIX perms appear ok (ACL/MAC wrong?))
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: opendir(/mnt/mail/jan) failed: Permission denied (euid=1000(jan) egid=1000(jan) missing +r perm: /mnt/mail/jan, UNIX perms appear ok (ACL/MAC wrong?), dir owned by 0:100 mode=0750)
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: Couldn't create mailbox list lock /mnt/mail/jan/mailboxes.lock: file_create_locked(/mnt/mail/jan/mailboxes.lock) failed: open(/mnt/mail/jan/mailboxes.lock) failed: Permission denied
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: stat(/mnt/mail/jan/tmp) failed: Permission denied (euid=1000(jan) egid=1000(jan) missing +x perm: /mnt/mail/jan, UNIX perms appear ok (ACL/MAC wrong?))


The key here seems to be that somehow /mnt/mail/jan/ is owned by root:users instead of jan:root as the ls command thinks.
But here I am stuck. What could cause this 'incorrect' ownership?

FYI, here is more info related to this mount:

/etc/fstab on nfsclient:
Quote:
nfsserver:/mnt/mail /mnt/mail nfs _netdev,noauto,noatime,hard,intr,vers=4 0 0


exportfs -av | grep mail on nfsserver:
Quote:
exporting 192.168.4.0/255.255.127.0:/export/mnt/mail


/etc/fstab on nfsserver:
Quote:
/mnt/hd/3da8d1d7-b223-41e2-866b-7904ef021e7f/mail /export/mnt/mail none defaults,bind,noexec 0 0
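
One thing worth checking in the situation described above, as an added example that is not part of the original post: assuming the mount uses sec=sys (the client fstab line gives no sec= option), idmapd translates only the owner names that ls displays, while the server's permission check still compares the numeric uid the client sends. The account tables are constructed from the uids stated in the post, and 'bob' is a hypothetical client account holding uid 1000.

```python
"""Model why idmapd fixes what `ls` shows but not who the NFS server lets in.

Assumption: the mount uses sec=sys (AUTH_SYS). All account data below is
constructed from the uids stated in the post; 'bob' is a hypothetical account.
"""

# Constructed passwd-style tables: name -> uid.
CLIENT_PASSWD = {"root": 0, "jan": 1002, "bob": 1000}
SERVER_PASSWD = {"root": 0, "jan": 1000}


def name_of(passwd, uid):
    """Reverse lookup uid -> name, as getpwuid() would do on that host."""
    return next((n for n, u in passwd.items() if u == uid), None)


def displayed_owner(server_uid, idmapd):
    """Owner name `ls` prints on the client for a file owned by server_uid."""
    if idmapd:
        # NFSv4 sends the owner as a name@domain string; the client maps it
        # back by name (shown as 'nobody' if the client has no such account).
        owner = name_of(SERVER_PASSWD, server_uid)
        return owner if owner in CLIENT_PASSWD else "nobody"
    # Without name mapping the numeric uid is resolved in the client's passwd.
    return name_of(CLIENT_PASSWD, server_uid) or str(server_uid)


def owner_access(client_user, server_uid):
    """Does the server treat client_user as the owner of the file?

    With AUTH_SYS the RPC credential carries the caller's numeric client uid;
    idmapd does not translate it, so the server compares raw numbers.
    """
    return CLIENT_PASSWD[client_user] == server_uid


def diagnose(client_user, server_uid, idmapd=True):
    """Combine the displayed owner with the server-side access decision."""
    shown = displayed_owner(server_uid, idmapd)
    granted = owner_access(client_user, server_uid)
    return {"ls_shows": shown, "owner_access": granted,
            "misleading": shown == client_user and not granted}


if __name__ == "__main__":
    jan_dir_uid = SERVER_PASSWD["jan"]  # owner uid of /mnt/mail/jan on the server
    for idmapd in (False, True):
        print("idmapd" if idmapd else "no idmapd", diagnose("jan", jan_dir_uid, idmapd))
```

Under these assumptions the usual remedies are to give the account the same numeric uid on both hosts, or to mount with a Kerberos flavor (sec=krb5) so the server derives the identity from the principal rather than from a client-supplied number.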