File Permissions nobody:nobody

clking · January 14, 2009, 5:14pm

AIX 5.3 environment. On the local system, I am sharing a jfs2 filesystem as an exported filesystem. I have many other AIX 5.3 server mounting to this file system and can create, move, copy, ... data to and from this share.

Recently, we've run into a problem. When on another system (okay, all systems except the local system), users try to create a folder or file on this "share," but the new permissions are automatically set to nobody:nobody.

It is easy enough to change the permissions, but I am not sure why this is happening now. On the local system, I was able to create a new file and folder with the proper permissions system:root. It seems as if there is a problem with the share itself. I looked through the file systems settings, NFS settings, and exported file system settings, but didn't see anything out of the ordinary.

Has anyone come across this before?

Thanks

Casey

johnf · January 15, 2009, 4:14am

Without going into to much depth check the user IDs on both systems. For example in the password file:

On system 1

user1:!:503:etc
user2:!:504:etc

On system 2

user1:!:205
user2:!:206

This would cause your problem.

clking · January 15, 2009, 10:16am

I did some more looking into this last night, and I did an ls -la on the server1 (a.k.a server with NFS). For some reason it had settings of:

123:107

I checked both server1 and server2 for these UID and GUID but neither of the systems have these. I ran a: chown root:system to reset the permissions and tested another folder/file creation from server2. same problem.

I also checked the /etc/passwd file as johnf suggests and everything lines up.

Server1
------------------
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!100::/home/guest:
nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/:
lp::11:11::/var/spool/lp:/bin/false
invscout::6:12::/var/adm/invscout:/usr/bin/ksh
snapp::200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd
ipsec::201:1::/etc/ipsec:/usr/bin/ksh
nuucp::7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
sshd::202:201::/var/empty:/usr/bin/ksh
fmwalke:!:10:14::/home/fmwalke:/usr/bin/ksh
khlosey:!:12:14::/home/khlosey:/usr/bin/ksh
rlyoung:!:102:0::/home/rlyoung:/bin/ksh
rlyoung2:!:103:0::/home/rlyoung2:/bin/ksh
------------------

Server2
------------------
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!100::/home/guest:
nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/:
lp::11:11::/var/spool/lp:/bin/false
invscout::6:12::/var/adm/invscout:/usr/bin/ksh
snapp::200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd
nuucp::7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
ipsec::201:1::/etc/ipsec:/usr/bin/ksh
sshd::202:201::/var/empty:/usr/bin/ksh
fmwalke:!:10:202::/home/fmwalke:/usr/bin/ksh
khlosey:!:12:202::/home/khlosey:/usr/bin/ksh
ldap:*:203:1::/home/ldap:/usr/bin/ksh
qr3adm:!:207:202:SAP System Administrator:/home/qr3adm:/bin/csh
oraqr3:!:208:204:SAP Database Administrator:/oracle/QR3:/bin/csh
sapintf:!:210:202:Sap User:/sapinterfaces/QR3ftp:/bin/ksh

johnf · January 16, 2009, 3:46am

clking:

I did some more looking into this last night, and I did an ls -la on the server1 (a.k.a server with NFS). For some reason it had settings of:

123:107

I checked both server1 and server2 for these UID and GUID but neither of the systems have these. I ran a: chown root:system to reset the permissions and tested another folder/file creation from server2. same problem.

I also checked the /etc/passwd file as johnf suggests and everything lines up.

Server1
------------------
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!100::/home/guest:
nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/:
lp::11:11::/var/spool/lp:/bin/false
invscout::6:12::/var/adm/invscout:/usr/bin/ksh
snapp::200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd
ipsec::201:1::/etc/ipsec:/usr/bin/ksh
nuucp::7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
sshd::202:201::/var/empty:/usr/bin/ksh
fmwalke:!:10:14::/home/fmwalke:/usr/bin/ksh
khlosey:!:12:14::/home/khlosey:/usr/bin/ksh
rlyoung:!:102:0::/home/rlyoung:/bin/ksh
rlyoung2:!:103:0::/home/rlyoung2:/bin/ksh
------------------

Server2
------------------
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!100::/home/guest:
nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/:
lp::11:11::/var/spool/lp:/bin/false
invscout::6:12::/var/adm/invscout:/usr/bin/ksh
snapp::200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd
nuucp::7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
ipsec::201:1::/etc/ipsec:/usr/bin/ksh
sshd::202:201::/var/empty:/usr/bin/ksh
fmwalke:!:10:202::/home/fmwalke:/usr/bin/ksh
khlosey:!:12:202::/home/khlosey:/usr/bin/ksh
ldap:*:203:1::/home/ldap:/usr/bin/ksh
qr3adm:!:207:202:SAP System Administrator:/home/qr3adm:/bin/csh
oraqr3:!:208:204:SAP Database Administrator:/oracle/QR3:/bin/csh
sapintf:!:210:202:Sap User:/sapinterfaces/QR3ftp:/bin/ksh

What filesystem has the owner and group of 123:107?

Run the command:

lsgroup ALL

Check if there is a group numbered 107 I guess there isn't!

funksen · January 16, 2009, 3:51am

please post /etc/exports from server1

and if available the /etc/filesystems entry for the remote filesystem on server 2

clking · January 16, 2009, 9:42am

Found the problem...or, I should say, my co-worker saw the problem. We have two NICs on the server, and have addressing set up accordingly. Some time ago we had issues with the server, and it appears that I gave access to the servers with the "internal" naming convention that is supposed to be for the nim server. I was able to get to the share and do what I wanted from the "external," but then ran into the nobody:nobody file permission.

Because I was on server, sapdbw2, I changed the permission from db2 to sapdbw2 and was able to create a file/folder with the proper permissions.

I am still thinking about this, because it doesn't seem quite complete. I understand I have naming conventions that the nim server sees, and then what the rest of the world sees. Maybe I need to modify the /etc/hosts file so it doesn't matter if I have the server listed as db2 or sapdbw2.