
Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals




On 09.01.2017 at 17:28, Ben Hutchings wrote:
> Control: tag -1 moreinfo
> 
> On Mon, 2017-01-09 at 16:24 +0100, Christoph Martin wrote:
>> Package: src:linux
>> Version: 4.8.11-1~bpo8+1
>> Severity: important
>>
>> after upgrading from kernel 4.7 to 4.8 nfs mounts of shares with
>> group permissions (on a Netapp filer) via a nfs referral server
>> are not anymore mountable using nfs4.1 and kerberos.
>>
>> This seems to be caused by the following upstream patch to VFS:
>>
>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8-rc1&id=a867d7349e94b6409b08629886a819f802377e91
> 
> But that's a merge commit.  The patch you see is the combination of a
> long series of separate patches.
> 
> Can you test whether the attached revert patch also fixes this?

We are preparing this.

> 
>> We verified the problem by applying the patch to a 4.7 kernel.
>>
>> In our setup we have several thousand user and group directories/shares on
>> multiple Netapp filers which get mapped into a unique filespace via an
>> NFS referral server.
>>
>> With kernels up to 4.7 on login of a user the respective home directory was
>> mounted with the kerberos ticket of the user from kernel automounter.
>> The group
>> directories were also automatically mounted via kernel automounter.
> [...]
> 
> What does the client see as being the user-owner of the group
> directories?

An example mount is:

fsgroups.zdv.uni-mainz.de:/groups70       2,7T    2,3T  389G   86% /uni-mainz.de/groups/70

On a 4.7 kernel where the mount is working an ls -ld looks like:

dr-xr-xr-x 34 root root 4096 Aug  4 16:40 /uni-mainz.de/groups/70

But these must not be the effective permissions since the volumes might
have security style ntfs. Then the directory has ntfs acls which you
would not see via nfs from linux.

(This is why programs which try to interpret unix permissions bits
instead of using the access system call might give errors.)

Christoph

-- 
============================================================================
Christoph Martin, Head of Unix Systems
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Phone: +49(6131)3926337
 Instant-Messaging: Jabber: martin@uni-mainz.de
  (See http://www.zdv.uni-mainz.de/4010.php)
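The remark in the message above about programs that interpret Unix permission bits instead of using the access system call, as an added example that is not part of the original message: it puts a mode-bit guess next to a call to access(2) on the same file. The function names and the temporary path are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fragile: guess read access from the mode bits that stat() reports.
 * Ignores supplementary groups, ACLs and whatever an NFS server enforces. */
int guess_read_from_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    if (st.st_uid == getuid())
        return (st.st_mode & S_IRUSR) != 0;
    if (st.st_gid == getgid())
        return (st.st_mode & S_IRGRP) != 0;
    return (st.st_mode & S_IROTH) != 0;
}

/* Robust: ask access(2); it checks the real UID/GID and, on NFS, asks the server. */
int ask_read_access(const char *path)
{
    return access(path, R_OK) == 0;
}

/* Constructed demo: create a temp file, set its mode, collect both answers. */
int compare_on_temp_file(mode_t mode, int *guess, int *asked)
{
    char path[] = "/tmp/access-demo-XXXXXX"; /* constructed sample path */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, mode);
    close(fd);
    if (rc == 0) {
        *guess = guess_read_from_mode(path);
        *asked = ask_read_access(path);
    }
    unlink(path);
    return rc;
}

int main(void)
{
    int guess, asked; /* as root these typically differ: bits 0, access() 1 */
    if (compare_on_temp_file(0000, &guess, &asked) == 0)
        printf("mode 0000: bits say %d, access() says %d\n", guess, asked);
    return 0;
}
```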