[Hampshire] NFS, LDAP, and file permissions

Author: Nick Chalk
Date:  
To: hampshire
Subject: [Hampshire] NFS, LDAP, and file permissions
I have a rather strange problem with an NFS-
mounted /home, LDAP accounts, and access being
denied when it shouldn't.

The system:
   Client: Ubuntu feisty, Ubuntu-standard
           2.6.20-16-generic kernel, nss-ldap
           251-7.5 and pam-ldap 180-1.7.
   Server: Debian Sarge, custom 2.6.18.6 kernel,
           OpenLDAP 2.2.23-8.
The server exports /home, and that's successfully
mounted on the client. Within /home, there's the
usual private user directories, plus a few shared
directories. Each shared directory is owned by a
group with the same name; users are added to the
appropriate groups for the required access.

There's a limited number of local accounts on the
client, the rest being stored in OpenLDAP and
accessed through pam-ldap and nss-ldap.

So far, so good.

The problem occurs when certain users try to
access certain shared directories on the client
machine. Here are two of the shared directories:

nick@workshop-admin:~$ ll -d /home/admin/ /home/staff/
drwxrwx--T 10 admin admin 4096 2007-08-01 10:52 /home/admin/
drwxrws--- 43 root  staff 4096 2007-08-16 15:17 /home/staff/
nick@workshop-admin:~$ ll -dn /home/admin/ /home/staff/
drwxrwx--T 10 10011 10011 4096 2007-08-01 10:52 /home/admin/
drwxrws--- 43     0    50 4096 2007-08-16 15:17 /home/staff/
My account, for example, has no problems accessing
either directory:

nick@workshop-admin:~$ id
uid=10001(nick) gid=10001(nick) groups=50(staff),
51(managers),100(users),512(Domain Admins),
513(Domain Users),546(Guests),10000(guest),
10001(nick),10008(workers),10011(admin)

nick@workshop-admin:~$ ls /home/admin/
Application for computer.doc
Base Unit Price Calculator.ods
....
nick@workshop-admin:~$ ls /home/staff/
A4 Delta House Booklet              Members Induction Pack
A4 Delta House Booklet.pub          Memory Bus 1.pub
....
Alex, however, can only access one:

alexander@workshop-admin:~$ id
uid=10032(alexander) gid=10032(alexander)
groups=4(adm),20(dialout),21(fax),24(cdrom),
25(floppy),26(tape),29(audio),30(dip),46(plugdev),
50(staff),100(users),104(scanner),
513(Domain Users),546(Guests),10000(guest),
10008(workers),10011(admin),10032(alexander)

alexander@workshop-admin:~$ ls /home/admin/
ls: /home/admin/: Permission denied
alexander@workshop-admin:~$ ls /home/staff/
A4 Delta House Booklet              Members Induction Pack
A4 Delta House Booklet.pub          Memory Bus 1.pub
....
I am at a loss as to why this is happening.
/home/admin is rwx by group admin, and both users
are members of that group. id, getent, and
ldapsearch show that LDAP look-ups are succeeding
for both users.

I've tried two other accounts - one behaves like
mine, the other like Alex's.

Any ideas?

Thanks,
Nick.

--
Nick Chalk ................. once a Radio Designer
Confidence is failing to understand the problem.
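A diagnostic check worth running against a post like this, added here as an example and not part of Nick's message or any reply in the thread. The assumption it makes (not confirmed by the post) is that the mount uses AUTH_SYS (sec=sys), whose RPC credential carries at most 16 supplementary gids (RFC 5531); the Linux client sends the first 16 of the kernel's numerically sorted group list and silently drops the rest, so the server never learns about the higher-numbered groups. The two `id` lines are copied from the post with the mail wrapping removed; the directory-to-gid map comes from the `ll -dn` output.

```python
import re

# RFC 5531 AUTH_SYS credentials carry at most 16 supplementary gids. The Linux
# client marshals the first 16 entries of the kernel's sorted group list.
AUTH_SYS_MAX_GROUPS = 16

# Constructed from the `id` output quoted in the post (line wraps removed).
NICK_ID = ("uid=10001(nick) gid=10001(nick) groups=50(staff),51(managers),"
           "100(users),512(Domain Admins),513(Domain Users),546(Guests),"
           "10000(guest),10001(nick),10008(workers),10011(admin)")
ALEX_ID = ("uid=10032(alexander) gid=10032(alexander) groups=4(adm),20(dialout),"
           "21(fax),24(cdrom),25(floppy),26(tape),29(audio),30(dip),46(plugdev),"
           "50(staff),100(users),104(scanner),513(Domain Users),546(Guests),"
           "10000(guest),10008(workers),10011(admin),10032(alexander)")


def parse_groups(id_output):
    """Return {gid: name} for every entry in the groups= field of `id` output."""
    m = re.search(r"groups=(.*)$", id_output)
    if not m:
        raise ValueError("no groups= field in id output")
    # Group names may contain spaces ("Domain Admins"), so match up to ')'.
    return {int(gid): name
            for gid, name in re.findall(r"(\d+)\(([^)]*)\)", m.group(1))}


def groups_sent_to_server(id_output):
    """Gids that survive AUTH_SYS marshalling: the lowest 16, sorted numerically."""
    return sorted(parse_groups(id_output))[:AUTH_SYS_MAX_GROUPS]


def groups_dropped(id_output):
    """Gids the client process holds but the NFS server never sees."""
    sent = set(groups_sent_to_server(id_output))
    return sorted(g for g in parse_groups(id_output) if g not in sent)


def server_sees_group(id_output, gid):
    """True if the server-side permission check can credit this group."""
    return gid in groups_sent_to_server(id_output)


def report(user, id_output, shared_dirs):
    """Print a per-directory verdict; shared_dirs maps path -> owning gid."""
    names = parse_groups(id_output)
    dropped = groups_dropped(id_output)
    print(f"{user}: {len(names)} groups, {len(dropped)} truncated by AUTH_SYS: "
          + ", ".join(f"{g}({names[g]})" for g in dropped))
    for path, gid in shared_dirs.items():
        verdict = "ok" if server_sees_group(id_output, gid) else "DENIED (group truncated)"
        print(f"  {path} (group {gid}): {verdict}")


if __name__ == "__main__":
    # Owning gids taken from the `ll -dn` output in the post.
    dirs = {"/home/admin": 10011, "/home/staff": 50}
    report("nick", NICK_ID, dirs)
    report("alexander", ALEX_ID, dirs)
```

With the post's data, nick holds 10 groups and nothing is truncated, while alexander holds 18, so 10011(admin) and 10032(alexander) fall off the end of the credential; that matches the observed pattern exactly (staff, gid 50, still works for both). If the check confirms this on a real system, the usual remedies are to trim group memberships so the needed gid is within the first 16, to have the server resolve groups itself from the uid (rpc.mountd's --manage-gids option, where the server's nfs-utils version supports it), or to move the export to RPCSEC_GSS/Kerberos, where the server looks up the user's groups locally rather than trusting the client-supplied list.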