Re: [CentOS] group write permissions not being respected
On Tue, Sep 6, 2016, 8:08 PM Pat Haley wrote: > > Trying the gluster client seems to fix the problem. > Hmm, suggests an NFS export issue then, rather than permissions issue? Chris Murphy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
Trying the gluster client seems to fix the problem. On 09/02/2016 12:57 AM, Chris Murphy wrote: On Thu, Sep 1, 2016, 8:11 AM Pat Haley wrote: For the enforcing=0, is that referring to SELinux? If so, we are not running SELinux. OK so neither that nor chcon nor context mount option apply. It's something else. On 08/31/2016 11:38 PM, Chris Murphy wrote: Try booting with enforcing=0 and if that fixes it, you need to find out what security label is needed for gluster. For the enforcing=0, is that referring to SELinux? If so, we are not running SELinux. - Chances are it's easiest to use -o context= mount option on the brick, but if the brick is not exclusive to gluster you'll need chcon -R. - We aren't sure exactly what you mean by this second paragraph, can you expand on this? Are these two exclusive options exclusive? We aren't sure what you what you mean by "exclusive to gluster" - If that's not it, maybe try the gluster client instead of using NFS. See if you get a different result that narrows down what's going on. My vague recollection is for Samba, without the correct SELinux label, I could neither read nor write. Chris Murphy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pat Haley Email: pha...@mit.edu Center for Ocean Engineering Phone: (617) 253-6824 Dept. of Mechanical EngineeringFax:(617) 253-8125 MIT, Room 5-213http://web.mit.edu/phaley/www/ 77 Massachusetts Avenue Cambridge, MA 02139-4301 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pat Haley Email: pha...@mit.edu Center for Ocean Engineering Phone: (617) 253-6824 Dept. of Mechanical EngineeringFax:(617) 253-8125 MIT, Room 5-213http://web.mit.edu/phaley/www/ 77 Massachusetts Avenue Cambridge, MA 02139-4301 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
On Thu, Sep 1, 2016, 8:11 AM Pat Haley wrote: > > For the enforcing=0, is that referring to SELinux? If so, we are not > running SELinux. > OK so neither that nor chcon nor context mount option apply. It's something else. > > On 08/31/2016 11:38 PM, Chris Murphy wrote: > > > > Try booting with enforcing=0 and if that fixes it, you need to find out > > what security label is needed for gluster. > > > For the enforcing=0, is that referring to SELinux? If so, we are not > running SELinux. > > - > > > Chances are it's easiest to use -o context= mount option on the brick, > but > > if the brick is not exclusive to gluster you'll need chcon -R. > > - > We aren't sure exactly what you mean by this second paragraph, can > you expand on this? Are these two exclusive options exclusive? We aren't > sure what you what you mean by "exclusive to gluster" > > - > > If that's not it, maybe try the gluster client instead of using NFS. See > if > > you get a different result that narrows down what's going on. > > > > My vague recollection is for Samba, without the correct SELinux label, I > > could neither read nor write. > > > > > > Chris Murphy > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > -- > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Pat Haley Email: pha...@mit.edu > Center for Ocean Engineering Phone: (617) 253-6824 > Dept. of Mechanical EngineeringFax:(617) 253-8125 > MIT, Room 5-213http://web.mit.edu/phaley/www/ > 77 Massachusetts Avenue > Cambridge, MA 02139-4301 > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
For the enforcing=0, is that referring to SELinux? If so, we are not running SELinux. On 08/31/2016 11:38 PM, Chris Murphy wrote: Try booting with enforcing=0 and if that fixes it, you need to find out what security label is needed for gluster. For the enforcing=0, is that referring to SELinux? If so, we are not running SELinux. - Chances are it's easiest to use -o context= mount option on the brick, but if the brick is not exclusive to gluster you'll need chcon -R. - We aren't sure exactly what you mean by this second paragraph, can you expand on this? Are these two exclusive options exclusive? We aren't sure what you what you mean by "exclusive to gluster" - If that's not it, maybe try the gluster client instead of using NFS. See if you get a different result that narrows down what's going on. My vague recollection is for Samba, without the correct SELinux label, I could neither read nor write. Chris Murphy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pat Haley Email: pha...@mit.edu Center for Ocean Engineering Phone: (617) 253-6824 Dept. of Mechanical EngineeringFax:(617) 253-8125 MIT, Room 5-213http://web.mit.edu/phaley/www/ 77 Massachusetts Avenue Cambridge, MA 02139-4301 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
Try booting with enforcing=0 and if that fixes it, you need to find out what security label is needed for gluster. Chances are it's easiest to use -o context= mount option on the brick, but if the brick is not exclusive to gluster you'll need chcon -R. If that's not it, maybe try the gluster client instead of using NFS. See if you get a different result that narrows down what's going on. My vague recollection is for Samba, without the correct SELinux label, I could neither read nor write. Chris Murphy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
For example the directory /gdata/bibliography/Work/GroupBib/trunk/ can be written in by user phaley but not by other users who are member of the group mseasweb. The directory has permissions [root@mseas ~]# ls -lh /gdata/bibliography/Work/GroupBib total 12K drwxrwsr-x 4 phaley mseasweb 4.0K Aug 30 12:31 trunk The parent directory (/gdata/bibliography/Work/GroupBib) has permissions [root@mseas ~]# ls -lh /gdata/bibliography/Work/ total 8.0K drwxrwsr-x 6 phaley mseasweb 4.0K Aug 30 14:01 GroupBib On 08/31/2016 02:04 PM, m.r...@5-cent.us wrote: Stupid question, and note I missed most of the earlier posts in this thread: what are the permissions on the directory that this directory are in? mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pat Haley Email: pha...@mit.edu Center for Ocean Engineering Phone: (617) 253-6824 Dept. of Mechanical EngineeringFax:(617) 253-8125 MIT, Room 5-213http://web.mit.edu/phaley/www/ 77 Massachusetts Avenue Cambridge, MA 02139-4301 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
Stupid question, and note I missed most of the earlier posts in this thread: what are the permissions on the directory that this directory are in? mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
So far, those look the same client: [root@mseas FixOwn]# getfacl /gdata/bibliography/Work/GroupBib/trunk/ getfacl: Removing leading '/' from absolute path names # file: gdata/bibliography/Work/GroupBib/trunk/ # owner: phaley # group: mseasweb # flags: -s- user::rwx group::rwx other::r-x server: [root@mseas-data2 ~]# getfacl /gdata/bibliography/Work/GroupBib/trunk/ getfacl: Removing leading '/' from absolute path names # file: gdata/bibliography/Work/GroupBib/trunk/ # owner: phaley # group: mseasweb # flags: -s- user::rwx group::rwx other::r-x On 08/31/2016 12:50 PM, Gordon Messmer wrote: On 08/30/2016 03:01 PM, Pat Haley wrote: the owner of a directory can still write to that directory but any other member of the associated group cannot, even though the directory clearly has group write permissions set Use "getfacl" on both the client and server side to view the complete permission set. What do those look like? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pat Haley Email: pha...@mit.edu Center for Ocean Engineering Phone: (617) 253-6824 Dept. of Mechanical EngineeringFax:(617) 253-8125 MIT, Room 5-213http://web.mit.edu/phaley/www/ 77 Massachusetts Avenue Cambridge, MA 02139-4301 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] group write permissions not being respected
On 08/30/2016 03:01 PM, Pat Haley wrote: the owner of a directory can still write to that directory but any other member of the associated group cannot, even though the directory clearly has group write permissions set Use "getfacl" on both the client and server side to view the complete permission set. What do those look like? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] group write permissions not being respected
Hi We have just migrated our data to a new file server (more space, old server was showing its age). We have a volume for collaborative use, based on group membership. In our new server, the group write permissions are not being respected (e.g. the owner of a directory can still write to that directory but any other member of the associated group cannot, even though the directory clearly has group write permissions set). This is occurring regardless of how many groups the user is a member of (i.e. users that are members of fewer then 16 groups are still affected). the relevant fstab line from the server looks like localhost:/data-volume /gdataglusterfs defaults 0 0 and for a client: mseas-data2:/gdata /gdata nfs defaults0 0 Any help would be greatly appreciated. Thanks -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pat Haley Email: pha...@mit.edu Center for Ocean Engineering Phone: (617) 253-6824 Dept. of Mechanical EngineeringFax:(617) 253-8125 MIT, Room 5-213http://web.mit.edu/phaley/www/ 77 Massachusetts Avenue Cambridge, MA 02139-4301 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos