<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I believe this is occurring because of the manage_gids=TRUE setting. The purpose of this setting is to overcome the AUTH_SYS 16 group limit. If true, Ganesha takes the UID and resolves all of the GIDs on the server. If false, the GIDs sent by the client are used. </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I ran a quick test by creating a local user on the client and exporting 2 shares with 777 permissions, one with manage_gids=TRUE and one with FALSE.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">The user could view the share and create files with manage_gids=FALSE. ganesha.log showed that it tried and failed to resolve the UID to a name, but allowed the operation nonetheless:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default"><div class="gmail_default"><font face="monospace, monospace">2019-01-25 10:19:03 : epoch 0001004c : gpfs-proto.domain : ganesha.nfsd-123297[work-30] xdr_encode_nfs4_princ :ID MAPPER :INFO :nfs4_uid_to_name failed with code -2.</font></div><div class="gmail_default"><font face="monospace, monospace">2019-01-25 10:19:03 : epoch 0001004c : gpfs-proto.domain : ganesha.nfsd-123297[work-30] xdr_encode_nfs4_princ :ID MAPPER :INFO :Lookup for 779 failed, using numeric owner</font></div><div class="gmail_default"><font face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font face="arial, helvetica, sans-serif">With </font><span style="font-family:arial,helvetica,sans-serif">manage_gids=TRUE, the client received permission denied and ganesha.log showed the GID query failing:</span></div><div class="gmail_default"><font face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font face="monospace, monospace">2019-01-25 10:19:27 : epoch 0001004c : gpfs-proto.domain : ganesha.nfsd-123297[work-39] uid2grp_allocate_by_uid :ID MAPPER :INFO :No matching password record found for uid 779</font></div><div class="gmail_default"><font face="monospace, monospace">2019-01-25 10:19:27 : epoch 0001004c : gpfs-proto.domain : ganesha.nfsd-123297[work-39] nfs_req_creds :DISP :INFO :Attempt to fetch managed_gids failed</font></div><div class="gmail_default"><br></div><div style="font-family:arial,helvetica,sans-serif">Hope this helps,</div><div style="font-family:arial,helvetica,sans-serif">Andy Kurth / NC State University</div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 24, 2019 at 9:36 AM Billich Heinrich Rainer (PSI) <<a href="mailto:heiner.billich@psi.ch">heiner.billich@psi.ch</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_-2391562514620107307WordSection1">
<p class="MsoNormal"><span style="font-size:11pt">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">a local account on a nfs client couldn’t write to a ganesha nfs export even with directory permissions 777. The solution was to create the account on the ganesha servers, too.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">Please can you confirm that this is the intended behaviour? is there an option to change this and to map unknown accounts to nobody instead? We often have embedded Linux appliances or similar as nfs clients
which need to place some data on the nfs exports using uid/gid of local accounts.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">We manage gids on the server side and allow NFS v3 client access only.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">I crosspost this to ganesha support and to the gpfsug mailing list.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">Thank you,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">Heiner Billich<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">ganesha version: 2.5.3-ibm028.00.el7.x86_64
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">the ganesha config<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">CacheInode<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">{<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> fd_hwmark_percent=60;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> fd_lwmark_percent=20;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> fd_limit_percent=90;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> lru_run_interval=90;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> entries_hwmark=1500000;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">NFS_Core_Param<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">{<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> clustered=TRUE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> rpc_max_connections=10000;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> heartbeat_freq=0;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> mnt_port=33247;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> nb_worker=256;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> nfs_port=2049;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> nfs_protocols=3,4;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> nlm_port=33245;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> rquota_port=33246;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> rquota_port=33246;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> short_file_handle=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> mount_path_pseudo=true;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">GPFS<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">{<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> fsal_grace=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> fsal_trace=TRUE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">NFSv4<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">{<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> delegations=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> domainname=<a href="http://virtual1.com" target="_blank">virtual1.com</a>;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> grace_period=60;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> lease_lifetime=60;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">Export_Defaults<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">{<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> access_type=none;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> anonymous_gid=-2;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> anonymous_uid=-2;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> manage_gids=TRUE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> nfs_commit=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> privilegedport=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> protocols=3,4;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> sectype=sys;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> squash=root_squash;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> transports=TCP;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">one export<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"># === START /**** id=206 nclients=3 ===<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">EXPORT {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Attr_Expiration_Time=60;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Delegations=none;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Export_id=206;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Filesystem_id=42.206;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> MaxOffsetRead=18446744073709551615;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> MaxOffsetWrite=18446744073709551615;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> MaxRead=1048576;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> MaxWrite=1048576;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Path="/****";<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> PrefRead=1048576;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> PrefReaddir=1048576;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> PrefWrite=1048576;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Pseudo="/****";<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Tag="****";<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> UseCookieVerifier=false;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> FSAL {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Name=GPFS;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> }<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> CLIENT {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> # === ****/X12SA ===<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Access_Type=RW;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Anonymous_gid=-2;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Anonymous_uid=-2;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Clients=X.Y.A.B/24;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Delegations=none;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Manage_Gids=TRUE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> NFS_Commit=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> PrivilegedPort=FALSE;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Protocols=3;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> SecType=SYS;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Squash=Root;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> Transports=TCP;<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black"> }<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">….<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:-webkit-standard;color:black">--</span><span style="font-size:11pt;font-family:-webkit-standard;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">Paul Scherrer Institut<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">Heiner Billich <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">System Engineer Scientific Computing<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">Science IT / High Performance Computing
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">WHGA/106
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">Forschungsstrasse 111<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">5232 Villigen PSI<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">Switzerland<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black">Phone +41 56 310 36 02<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black"><a href="mailto:heiner.billich@psi.ch" target="_blank"><span style="color:rgb(5,99,193)">heiner.billich@psi.ch</span></a>
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black"><a href="https://www.psi.ch" target="_blank">https://www.psi.ch</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Courier;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at <a href="http://spectrumscale.org" rel="noreferrer" target="_blank">spectrumscale.org</a><br>
<a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" rel="noreferrer" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><font face="arial, helvetica, sans-serif">Andy Kurth</font></b><div><font face="arial, helvetica, sans-serif">Research Storage Specialist</font></div><div><span style="font-family:arial,helvetica,sans-serif;font-size:12.8px">NC State University</span></div><div><font face="arial, helvetica, sans-serif">Office of Information Technology</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div>P: 919-513-4090</div><div><font face="arial, helvetica, sans-serif">311A Hillsborough Building</font></div><div><span style="font-family:arial,helvetica,sans-serif;font-size:12.8px">Campus Box 7109</span></div><div><font face="arial, helvetica, sans-serif">Raleigh, NC 27695</font><font face="arial, helvetica, sans-serif"><br></font></div></div></div></div></div></div></div></div></div>