Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-72-2147053.1
Update Date: 2017-10-05

Solution Type  Problem Resolution Sure

Solution 2147053.1: Oracle ZFS Storage Appliance: Permission Denied Reported when Attempting to Create Files After Performing 'setgid'


Related Items
  • Sun ZFS Storage 7320
  • Sun Storage 7210 Unified Storage System
  • Oracle ZFS Storage ZS3-BA
  • Oracle ZFS Storage Appliance Racked System ZS4-4
  • Oracle ZFS Storage ZS3-2
  • Oracle ZFS Storage ZS3-4
  • Sun Storage 7410 Unified Storage System
  • Sun ZFS Storage 7420
  • Oracle ZFS Storage ZS4-4
  • Sun Storage 7310 Unified Storage System
  • Sun Storage 7110 Unified Storage System
  • Sun ZFS Storage 7120

Related Categories
  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: ZS

Created from <SR 3-12734417531>

Applies to:

Oracle ZFS Storage ZS3-2 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS3-4 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS4-4 - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7420 - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7320 - Version All Versions to All Versions [Release All Releases]
7000 Appliance OS (Fishworks)

Symptoms

An NFSv4 share was mounted on a Solaris client.

The user can create files and directories inside the share. However, as soon as the setgid bit is set on a directory, the user can no longer create any files.

On the ZFS Storage Appliance, under Shares > Protocol, the property "Disable setuid/setgid file creation" is unselected.

All file permissions look fine.

 

Cause

Further diagnosis showed that the user, for example "sayaka", belonged to two groups: primary group lib-staff and secondary group library.

On the client side:
# groups
lib-staff library
# id
uid=40112(sayaka) gid=40000(lib-staff)

Without setgid:
# ls -l
drwxrwxr-x+ 5 sayaka lib-staff 14 May 20 14:38 work

With setgid enabled:
# ls -l
drwxrwsr-x+ 5 sayaka library 14 May 20 14:38 work   <<< Setgid bit is set
# cd work
# touch aaaa
touch: cannot create aaaa: Permission denied

 

 

This issue occurred because the ZFS Storage Appliance (ZFSSA) is not part of any directory service. As a result, the ZFSSA and the client are not in sync for the user database.
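
A client-side check for the pattern above, added here as an example (it is not Oracle code, and the function names are hypothetical): it parses the id, groups and ls -l output shown in this note and reports when a directory is setgid and group-owned by one of the user's secondary groups, the combination seen in this case.

```shell
#!/bin/sh
# Added triage helper, not Oracle code. Function names are hypothetical.

# primary_from_id ID_LINE: print the primary group name from `id` output.
primary_from_id() {
    printf '%s\n' "$1" | sed -n 's/.*gid=[0-9]*(\([^)]*\)).*/\1/p'
}

# classify_dir LS_LINE PRIMARY "GROUP LIST": print one of
#   no-setgid | setgid-primary | setgid-secondary | setgid-nonmember
classify_dir() {
    ls_line=$1; primary=$2; all_groups=$3
    set -f                      # no globbing while word-splitting the line
    set -- $ls_line             # ls -l fields: mode links owner group ...
    set +f
    mode=$1; dir_group=$4
    # Character 7 of the mode is the group-execute slot: s or S means setgid.
    case $(printf '%s' "$mode" | cut -c7) in
        s|S) ;;
        *) echo no-setgid; return 0 ;;
    esac
    if [ "$dir_group" = "$primary" ]; then
        echo setgid-primary; return 0
    fi
    for g in $all_groups; do
        if [ "$g" = "$dir_group" ]; then
            echo setgid-secondary; return 0
        fi
    done
    echo setgid-nonmember
}

# triage_dir DIR: run the classification for the current user on a live client.
triage_dir() {
    classify_dir "$(ls -ld "$1")" "$(primary_from_id "$(id)")" "$(groups)"
}

# Values copied from the client output shown in this note.
ID_LINE='uid=40112(sayaka) gid=40000(lib-staff)'
GROUPS_LINE='lib-staff library'
LS_SETGID='drwxrwsr-x+ 5 sayaka library 14 May 20 14:38 work'

verdict=$(classify_dir "$LS_SETGID" "$(primary_from_id "$ID_LINE")" "$GROUPS_LINE")
echo "work: $verdict"
if [ "$verdict" = setgid-secondary ]; then
    echo "Check that the appliance and the client use the same directory service."
fi
```

On a live client, triage_dir work runs the same classification against the real directory and the current user.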

 

Solution

It was found that the ZFSSA had not been added to any directory service.

As soon as the ZFSSA was added to LDAP (the directory service), the user was able to create files when setgid was set on the directory.

 


  Copyright © 2018 Oracle, Inc.  All rights reserved.