I hope my question is not repeated, as I have been searching the Internet for several days with different keywords and I can't find the solution to my problem with the permissions.

I have a shared folder set up on a server. The options for this folder are:

    user2@server:~$ mount
    Y.Y.Y.Y:/Data on /media/Data type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=X.X.X.X,local_lock=none,addr=Y.Y.Y.Y)

"user2" is the user I want to access the folder using the group "wholegroup". In the first part I get permission denied. It is normal because "user2" is not the owner, he is not in the group to which the folder belongs and the folder has neither r nor x permissions for any user:

    user2@server:~$ id
    uid=1001(user2) gid=1001(user2) groups=1001(user2)
    user2@server:~$ ls -l /media/Data/
    ls: cannot open directory '/media/Data/': Permission denied
    user2@server:~$ ls -l /media/
    total 5
    drwxr-x--- 6 user1 wholegroup 6 Aug 15 22:59 Data
    drwxr-xr-x 2 root root 4096 May 15 16:12 OtherData
    user2@server:~$

Now from "user1" with admin permissions, I add "user2" to the group "wholegroup":

    user1@server:~$ sudo usermod -a -G wholegroup user2

I log out and log in again to make the changes to "user2" take effect:

    user2@server:~$ exit
    logout
    Connection to X.X.X.X closed.
    user1@computer:~$ ssh [email protected]

I check the groups of "user2" and try to access the folder:

    user2@server:~$ id
    uid=1001(user2) gid=1001(user2) groups=1001(user2),166636(wholegroup)
    user2@server:~$ ls -l /media/Data/
    ls: cannot open directory '/media/Data/': Permission denied
    user2@server:~$ ls -l /media/
    total 5
    drwxr-x--- 6 user1 wholegroup 6 Aug 15 22:59 Data
    drwxr-xr-x 2 root root 4096 May 15 16:12 OtherData
    user2@server:~$

It tells me that I do not have permissions. This is what I don't understand: if "user2" belongs to "wholegroup" as a secondary group and the folder has r and x permissions for the group, why can't I access it? Does "wholegroup" have to be the primary group to access it?

I do the test by changing the group to primary:

    user1@server:~$ sudo usermod -g wholegroup user2
    user2@server:~$ exit
    logout
    Connection to X.X.X.X closed.
    user1@computer:~$ ssh [email protected]
    user2@server:~$ id
    uid=1001(user2) gid=166636(wholegroup) groups=166636(wholegroup)
    user2@server:~$ ls -l /media/Data/
    total 34
    drwxr-x--- 23 user1 wholegroup 25 Sep 7 11:58 Data
    drwxr-x--- 5 user1 wholegroup 5 Aug 17 13:02 Music
    drwxr-x--- 6 user1 wholegroup 6 Aug 15 22:59 Video
    user2@server:~$ ls -l /media/
    total 5
    drwxr-x--- 6 user1 wholegroup 6 Aug 15 22:59 Data
    drwxr-xr-x 2 root root 4096 May 15 16:12 OtherData
    user2@server:~$

Could you explain to me why it does not work as a secondary group, what I am doing wrong and what the solution is? Should I use some special permission like SUID or GUID?

Thanks so much!

  • There's an answer in this Q/A which might be relevant: unix.stackexchange.com/questions/206062/… Commented Oct 22, 2023 at 16:27
  • @A.B ok, I will delete the other one, if I see that I don't get an answer in this one, I will delete this post and open it in the first one. The truth is that I am quite desperate, I don't usually ask around here and I have read many pages and forums but none of them help me. Commented Oct 22, 2023 at 18:34

1 Answer

I have already found a solution thanks to super_ik's and Dolapevich's comments on Reddit.

The failure was that I had not created the user on the server. The solution in my specific case was to create user2 and add it to the group wholegroup, which had already been created previously on the server.

I quote from super_ik's comment:

If I recall correctly, the access checking is performed on the server side and the server only receives the uid and gid of the process accessing the folder. If the server does not know these UIDs it also can’t look up their secondary groups.
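The check this answer describes can be scripted and run on the NFS server. The following is an added example, not part of the original post: the function name `nfs_group_check`, its return codes and the sample files are assumptions made for illustration, while the uid 1001 and gid 166636 are the values from the question.

```shell
#!/bin/sh
# Added example, meant to be run on the NFS server (not the client).
# nfs_group_check UID GID [PASSWD_FILE] [GROUP_FILE]
# Returns 0: server maps UID to a member of GID
#         1: UID unknown to the server   2: GID unknown to the server
#         3: user exists on the server but is not in the group
nfs_group_check() {
    uid=$1; gid=$2
    passwd_file=${3:-/etc/passwd}; group_file=${4:-/etc/group}

    # passwd(5): name:passwd:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$uid" '$3 == u { print $1 ":" $4; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "uid $uid: no such user on the server, its secondary groups cannot be looked up"
        return 1
    fi
    name=${entry%%:*}; primary=${entry##*:}

    # group(5): name:passwd:gid:member1,member2,...
    gline=$(awk -F: -v g="$gid" '$3 == g { print; exit }' "$group_file")
    if [ -z "$gline" ]; then
        echo "gid $gid: no such group on the server"
        return 2
    fi
    members=",${gline##*:},"

    if [ "$primary" = "$gid" ]; then
        echo "$name: gid $gid is the primary group on the server"; return 0
    fi
    case $members in
        *",$name,"*) echo "$name: member of gid $gid on the server"; return 0 ;;
    esac
    echo "$name: known to the server but not a member of gid $gid"
    return 3
}

# Constructed sample databases: the server before and after the fix in the answer.
# user1's uid/gid 1000 and the home/shell fields are made up for the demo.
demo=$(mktemp -d)
printf 'user1:x:1000:1000::/home/user1:/bin/sh\n' > "$demo/passwd.before"
printf 'wholegroup:x:166636:user1\n' > "$demo/group.before"
cp "$demo/passwd.before" "$demo/passwd.after"
printf 'user2:x:1001:1001::/home/user2:/bin/sh\n' >> "$demo/passwd.after"
printf 'wholegroup:x:166636:user1,user2\n' > "$demo/group.after"

nfs_group_check 1001 166636 "$demo/passwd.before" "$demo/group.before" || true
nfs_group_check 1001 166636 "$demo/passwd.after" "$demo/group.after" || true
```

On a server whose accounts come from LDAP or another NSS source rather than local files, save the output of `getent passwd` and `getent group` to files and pass those as the third and fourth arguments.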
