Can't set write permissions by group

I have a directory: drwxrwxr-x 5 root movies 5 Mar 11 12:17 directory


I created a group called movies and added a user to it, but the user can't write to it unless I change the owner to be user and not root.

So I can't figure out how to give a directory write permissions by using groups.

Edit:
Well, figured it out. For my regular user I had to log out and log back in to the shell.
For the nologin user I had to restart the service.
I did run this before I logged back in: chmod 2775 directory # '2' sets the default group id on new files
 
After you added the users did you log those users off? Group membership is determined at login, it's not changed 'on-the-fly'.

Please post the output of ls -ld <directory> and the output of id <user> from one of those users.
 
Oh wow you're quick. I wanted to delete this post since I figured it out in the meantime but I'll leave it now.
Thanks for the explanation that group membership is determined at login.
So now it works. Thanks
drwxrwsr-x 6 root movies 7 Mar 11 12:43
uid=1001(gogofc) gid=1001(gogofc) groups=1001(gogofc),0(wheel),1002(movies)
 
So how do you think I should set up my NFS directory?
Another directory I have as an NFS share with unix permissions of 777. drwxrwsrwx 16 root movies 16 Mar 11 10:40
In the exports I have the share allowing 3 IP addresses.

Not sure if I should do 777. Yeah it's at home but still.
The clients are Ubuntu and they use v3.

I did set it up using the Handbook and it works, but I'm not really sure on security. I don't have any LDAP or anything like that.

Yeah I need to read more about users and NFS. I don't know about creating a user with the same uid just so it can match the other machine, that sounds like a lot of pointless work. Then I could exclude the write permissions to everyone.
 
Never give anything 777 permissions.

"I don't know about creating a user with the same uid just so it can match the other machine"
Not needed with NFSv4, usernames actually get translated on both sides, so their UID doesn't need to match up any more. This was certainly the case with NFSv3.
 
That took a second to figure out. Thanks.

I finally understood that to mount V4 on the client side we use a relative path from the home dir, unlike the V3 which uses the full path.

So now I have it set up with -mapall="root" with 755 permissions.
I couldn't get it to mount and also have write permissions any other way unless it's 777.
But when it was 777 the username didn't get translated. On the server my user is 1001 and on the client it's 1000. So the added file ownership gets set to 1000.

Do you have a suggestion on what I should read regarding setting proper username translations and multiple users?
I did mapall to my user but what's the sense in that.

I read the man page of exports(5) and the example at the end was very clear on what must be done to set up NFS.

I even tried to do zfs sharenfs but it wouldn't show any shares if I added a network address like "sudo zfs set sharenfs='on, -network 192.168.1.0/24' pool/nfs"
I could see exports by running "sudo zfs set sharenfs=on pool/nfs" but that was shared to everybody.

So I gave up on zfs shares and just use /etc/exports, but good to know that nfsd looks in /etc/zfs/exports also so I could have both if I wanted.
I read on here somewhere, either you or someone else wrote that on FreeBSD zfs nfs shares just get written to an exports file anyway and that's what nfsd uses. Is there any advantage of using that?


So now this is what I have.

/etc/rc.conf
sh:
### NFS
nfsv4_server_enable="YES"
nfs_server_enable="YES"
nfsuserd_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
I don't really know what the last three lines do. I just assume lockd locks files because of the name.

/etc/exports
sh:
V4: /pool/nfs -network 192.168.1.0/24
/pool/nfs/movies -mapall=root 192.168.1.10 192.168.1.204 192.168.1.112
/pool/nfs/base -mapall="root"
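
An added example, not part of the thread: a small sh/awk check that flags the two risky patterns in the /etc/exports posted above (mapping every client user to root, and a line with no client restriction). It assumes FreeBSD exports(5) syntax, where a line with no host or -network applies to every client; the function name audit_exports is hypothetical.

```shell
#!/bin/sh
# Added example: flag risky entries in a FreeBSD exports(5) file.
# Reads the files named as arguments, or standard input when none is given.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        paths = ""; hosts = 0; mapuser = ""; skip = 0
        for (i = 1; i <= NF; i++) {
            f = $i
            if (skip) { skip = 0; hosts++; continue }   # value of -network or -mask
            if (i == 1 && f == "V4:") continue          # NFSv4 root marker
            if (f ~ /^\//) { paths = paths (paths == "" ? "" : ",") f; continue }
            if (f ~ /^-/) {
                n = split(substr(f, 2), opt, ",")       # options can be comma-joined
                for (j = 1; j <= n; j++) {
                    o = opt[j]; gsub(/"/, "", o)        # the post writes -mapall="root"
                    if (o ~ /^mapall=/) { split(substr(o, 8), cred, ":"); mapuser = cred[1] }
                    if (o ~ /^network=/) hosts++
                    if (o == "network" || o == "mask") skip = 1
                }
                continue
            }
            hosts++                                     # host name, address or netgroup
        }
        if (mapuser == "root" || mapuser == "0")
            print NR ": " paths ": mapall=root, every client user acts as root on the server"
        if (hosts == 0)
            print NR ": " paths ": no host or -network, exported to any client"
    }' "$@"
}

# The /etc/exports lines from the post above, fed on standard input.
audit_exports <<'EOF'
V4: /pool/nfs -network 192.168.1.0/24
/pool/nfs/movies -mapall=root 192.168.1.10 192.168.1.204 192.168.1.112
/pool/nfs/base -mapall="root"
EOF
```

Each finding is printed as line number, exported path, and reason, so the output can be compared against the file line by line.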
 