[lustre-discuss] cannot create file for unknown uid

[Degremont, Aurelien]

Hello

I think that's expected. Lustre runs an identity upcall command on the MDT to get the user secondary groups. If it fails, Lustre returns a permission error.
See: http://doc.lustre.org/lustre_manual.xhtml#dbdoclet.l_getidentity

Try to disable it, confirm this is the reason of your problem.

If yes, and you need to be able resolve supplementary groups for known users but accept any unknown user ID, you will probably have to wrap this script to handle both cases.


Aurélien

Le 30/08/2019 15:14, « lustre-discuss au nom de Bernd Melchers » <lustre-discuss-bounces at lists.lustre.org au nom de melchers at zedat.fu-berlin.de> a écrit :

    Dear all,
    we use lustre 2.12.2 (CentOS-7.6) and observe a problem where file
    creation for unknown userids is not possible. Background is that
    we export our lustre file system with ganesha-nfs (nfs vers. 3) to
    nfs clients with userids unknown to the (nfs-)server.
    
    Attached is a short C Program to reproduce the problem.
    Process runs as root, changes effective user id to an unknown user id
    and creates a file:
    
    /tmp is xfs, /scratch is lustre :
    # ls -ld /tmp /scratch/tmp
    drwxrwxrwt    9 root root 25600 Jun  3 14:47 /scratch/tmp
    drwxrwxrwt. 132 root root 16384 Aug 30 15:06 /tmp
    
    [working for xfs:] # ./debug1_lustre /tmp/testfile && echo success
    success
    
    [not working for lustre:] # ./debug1_lustre /scratch/tmp/testfile
    /scratch/tmp/testfile: Permission denied
    
    If i change the uid to a known uid, it works.
    
    Is this a bug in lustre?
    
    Mit freundlichen Grüßen
    Bernd Melchers
    
    -- 
    Archiv- und Backup-Service | fab-service at zedat.fu-berlin.de
    Freie Universität Berlin   | Tel. +49-30-838-55905