Group Write Permissions Not Being Respected

Home » CentOS » Group Write Permissions Not Being Respected
CentOS 9 Comments

Hi

We have just migrated our data to a new file server (more space, old server was showing its age). We have a volume for collaborative use, based on group membership. In our new server, the group write permissions are not being respected (e.g. the owner of a directory can still write to that directory but any other member of the associated group cannot, even though the directory clearly has group write permissions set). This is occurring regardless of how many groups the user is a member of (i.e. users that are members of fewer then 16 groups are still affected).

the relevant fstab line from the server looks like localhost:/data-volume /gdata glusterfs defaults 0 0

and for a client:
mseas-data2:/gdata /gdata nfs defaults 0 0

Any help would be greatly appreciated.

Thanks

9 thoughts on - Group Write Permissions Not Being Respected

  • Use “getfacl” on both the client and server side to view the complete permission set. What do those look like?

  • So far, those look the same

    client:

    [root@mseas FixOwn]# getfacl /gdata/bibliography/Work/GroupBib/trunk/
    getfacl: Removing leading ‘/’ from absolute path names
    # file: gdata/bibliography/Work/GroupBib/trunk/
    # owner: phaley
    # group: mseasweb
    # flags: -s-
    user::rwx group::rwx other::r-x

    server:

    [root@mseas-data2 ~]# getfacl /gdata/bibliography/Work/GroupBib/trunk/
    getfacl: Removing leading ‘/’ from absolute path names
    # file: gdata/bibliography/Work/GroupBib/trunk/
    # owner: phaley
    # group: mseasweb
    # flags: -s-
    user::rwx group::rwx other::r-x

  • Stupid question, and note I missed most of the earlier posts in this thread: what are the permissions on the directory that this directory are in?

    mark

  • For example the directory /gdata/bibliography/Work/GroupBib/trunk/ can be written in by user phaley but not by other users who are member of the group mseasweb. The directory has permissions

    [root@mseas ~]# ls -lh /gdata/bibliography/Work/GroupBib total 12K
    drwxrwsr-x 4 phaley mseasweb 4.0K Aug 30 12:31 trunk

    The parent directory (/gdata/bibliography/Work/GroupBib) has permissions

    [root@mseas ~]# ls -lh /gdata/bibliography/Work/
    total 8.0K
    drwxrwsr-x 6 phaley mseasweb 4.0K Aug 30 14:01 GroupBib

  • Try booting with enforcing=0 and if that fixes it, you need to find out what security label is needed for gluster.

    Chances are it’s easiest to use -o context= mount option on the brick, but if the brick is not exclusive to gluster you’ll need chcon -R.

    If that’s not it, maybe try the gluster client instead of using NFS. See if you get a different result that narrows down what’s going on.

    My vague recollection is for Samba, without the correct SELinux label, I
    could neither read nor write.

    Chris Murphy

  • For the enforcing=0, is that referring to SELinux? If so, we are not running SELinux.

    ————————————————————————————–