From owner-freebsd-fs@FreeBSD.ORG Sun Aug 1 01:58:02 2010 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D89661065672 for ; Sun, 1 Aug 2010 01:58:02 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-jnhn.mail.uoguelph.ca (esa-jnhn.mail.uoguelph.ca [131.104.91.44]) by mx1.freebsd.org (Postfix) with ESMTP id 94E798FC12 for ; Sun, 1 Aug 2010 01:58:02 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApwEAFVxVEyDaFvO/2dsb2JhbACDE54FrHmQRoEmgyBzBIh/ X-IronPort-AV: E=Sophos;i="4.55,296,1278302400"; d="scan'208";a="89097351" Received: from erie.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.206]) by esa-jnhn-pri.mail.uoguelph.ca with ESMTP; 31 Jul 2010 21:57:59 -0400 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id C8BACB3F11; Sat, 31 Jul 2010 21:58:01 -0400 (EDT) Date: Sat, 31 Jul 2010 21:58:01 -0400 (EDT) From: Rick Macklem To: Joe Auty Message-ID: <235033195.215985.1280627881678.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <4C54C8E0.8020504@netmusician.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [24.65.230.102] X-Mailer: Zimbra 6.0.7_GA_2476.RHEL4 (ZimbraWebClient - FF3.0 (Mac)/6.0.7_GA_2473.RHEL4_64) Cc: freebsd-fs@freebsd.org Subject: Re: NFSv4 permissions issues X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Aug 2010 01:58:02 -0000 [stuff snipped for brevity] > At the time the user/groups were showing up as root:joe. > Ok, so an "ls -lg" on the NFSv4 mounted volume showed the files owned by root/joe? If so, nfsuserd seems to be working. Does root and joe have the same uid and gid #s on the client and server. NFSv4 will be pickier about the gid, so make sure joe is in both the client and server as the same gid#. > Is snoop trace an strace? > I was referring to using snoop to capture packets and then look at them. On Solaris I use something like: # snoop -q -o xx.cap host - I run an offending command(s), then kill the above and: # snoop -t r -v -i xx.cap > xx The file "xx" now has a verbose description of the packets. Take a look at the AUTH_SYS part of the RPC header (where the uid and gids live) and the various attributes in the request that probably failed with NFS4ERR_ACCESS. Alternately, you can use wireshark. (tcpdump knows diddly about NFSv4, so it can only be used for the packet capture and not the analysis. rick