[Freeipa-users] FreeIPA for Linux desktop deployment

Adam Young ayoung at redhat.com
Fri May 13 16:29:40 UTC 2011


On 05/13/2011 12:13 PM, nasir nasir wrote:
> Adam,
>
> Thanks indeed!
>
> I tried your suggestions.
>
>   -- I can mkdir
>   -- When I try to chown, I get the following error
>
> chown: changing ownership of `nasir': Operation not permitted
>
> Could you please explain what you mean by 'You probably need rwx 
> permissions in /etc/export'? This is my /etc/export file,
>

See the '(rw' in those lines?  That indicates read and write privs, 
but not execute.

I'm not an NFS guru, so I might be wrong.  This post suggests that I am 
wrong:

http://jackhammer.org/node/7

Since IPA is managing the IDs, they should be in sync across the NFS and 
automounted client machines, but there might be something not right in 
the setup.  If the IPA server isn't managing the machine that serves as 
your NFS server, then the IDs are certainly going to be out of sync.



>
> /xtra  *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
> /xtra  gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
> /xtra  gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
> /xtra  gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
>
> Also, I have configured a separate client machine (RHEL 6.1) and 
> configured it as NFS server (previously my NFS server was IPA server 
> itself) and the result is same. All the above commands are from this 
> client machine only.
>
> Thanks indeed again!
>
> Regards,
> Nidal
>
>
>
>
>>
>>     oddjob-mkhomedir[16401]: error setting permissions on /home/abc:
>>     Operation not permitted
>>
>
>     It might be a root squash issue.  My guess is that the order of
>     operations for creating a root directory, which is done by root, is:
>
>     1.  mkdir /home/userid
>     2.  chown uid:gid  /home/userid
>
>     It sounds from the error message that the first stage happened,
>     but NFS is not allowing the second stage.  To confirm,  as a root
>     (and kinit admin) user on the client machine, just try these two
>     steps in order and see if they still fail.
>
>     chown is a different system call from mkdir, and might have
>     different nfs enforced permissions.  You probably need rwx
>     permissions in /etc/export.
>
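
An added example, not part of the original thread: a small Python audit of the four export lines quoted above, reporting per client entry whether root squashing is in effect and which exposure-related options are set, following the option meanings in exports(5). The function names and the finding fields are hypothetical, and the input is the quoted lines with the archive's bold markers removed.

```python
import re

# Constructed input: the four export lines quoted in the thread, without the
# archive's bold markers.
EXPORTS = """\
/xtra  *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra  gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra  gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra  gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
"""

ENTRY_RE = re.compile(r"([^\s()]*)\(([^)]*)\)")  # client(opt,opt,...)

def parse_exports(text):
    """Yield (path, client, option set) per client entry.
    Assumes unquoted paths without embedded spaces."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY_RE.fullmatch(entry)
            client, opts = (m.group(1), m.group(2)) if m else (entry, "")
            # An empty client name before "(" exports to every host.
            yield path, client or "*", {o for o in opts.split(",") if o}

def audit(text):
    """Return one finding dict per client entry (hypothetical field names)."""
    findings = []
    for path, client, opts in parse_exports(text):
        explicit_sec = any(o.startswith("sec=") for o in opts)
        findings.append({
            "path": path,
            "client": client,
            "writable": "rw" in opts,
            # root_squash is the default; only no_root_squash turns it off
            "root_squash": "no_root_squash" not in opts,
            # 'insecure' drops the requirement for a source port below 1024
            "unprivileged_ports": "insecure" in opts,
            # a host wildcard without sec= falls back to the default sec=sys
            "world_auth_sys": client == "*" and not explicit_sec,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(EXPORTS):
        print(finding)
```
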
