[Solved] nfs share permissions with java

UNIX for Advanced & Expert Users
1

Please bare with me while I try to explain this weird problem.

We are exporting a filesystem from an aix box to two linux boxes.
On the linux box a java-weblogic application hits the share.
For explanation benefits I'll describe the users thus.

aix filesystem owned by userA in groupA
on the linux systems we made the same user
so the shared files are also owned by userA and groupA.
The uids and gids are the same across the systems.

The java - weblogic application is started and runs (supposedly) as userB GroupB

On the linux systems we put userB in GroupA also. ( userB primary group B, and also in group A )

This means that if I put a file in the linux shared filesystem that is owned by userA groupA, if the permissions are 660, UserB can still read the file because he is in groupA.
This bears out with my tests. I can vi the file.

The problem is that when the application runs and does some java call to read the file, it gets permission denied. It cannot read the file unless I make the file have world read permissions. (at least 664 ).

My only guess is that somewhere in the stack between the Java, Weblogic, application ears, there is another uid being set and it is NOT userB who is trying to read the file.

But this same exact setup works perfectly on in our QA environment which is built the same ( supposedly ). The developers told me that there is no difference in weblogic or java on either system so if it's not working in prod, there must be something else in the configuration.
I checked the uids, gids, etc.. and they all look the same between the two systems.
The /etc/vstab is the same on all linux boxes with no options.
Same with the /etc/exports file on the aix box.

Now I am lost and don't know where to look.
Does anyone have any ideas where else I can look or how I can go forth troubleshooting this issue ?

Thanks !
Floyd

---------- Post updated 09-21-11 at 10:39 AM ---------- Previous update was 09-20-11 at 05:57 PM ----------

Problem solved.
I dropped the group entry for userb into groupa and readded.
works as advertised now.

2

Hi,

We are facing a simialr issue.
We have an user id weblogic, that belongs to groups weblogic and batch. weblogic, batch owns the NFS.
We have created a new user id weblogic10 and added it to groups weblogic and batch.
JAVA programs submitted by weblogic10 through the weblogic application server are getting a "permission denied" error.
We are able to access / edit the files from the Linux box with the id weblogic10.

What exactly you did to fix the problem?
Any help you can provide is much appreciated. We are under tight timeline constraints.

Thanks

3

Hello,
It actually turns out the problem is not solved yet. I thought it was, but it wasn't.
It appears that Java is not creating the file as the userid we expect. Our developers are too busy to look into it, so as a temporary fix we are running a cronjob to change the permissions every minute.