【3PAR】 3PAR8400 file persona用户权限不正确

3PAR8440配置file persona，创建nfs共享

user in secondary group unable to write nfs share, but primary group works fine

一个用户从组为目录的属组，那么就没有访问该目录。

nfs客户端 创建用户：
 User: testuser001
    Primary Gruop : testgrp001
    Secondary     : testgrp002
 
 User: testuser002
    Primary Group : testgrp002

 c. mount nfs share (in case of my test, nfs protocol is nfs v3
 #  mount -t nfs -o nfsvers=3 16.148.243.128:/smb02_fpg/smb02_vfs/nfs_test001/testdir001 /mnt

 d. change user, and create test directory with testuser002
 [root@hpsv02 ~]# su testuser002
 [testuser002@hpsv02 root]$ id
 uid=1002(testuser002) gid=1002(testgrp002) groups=1002(testgrp002) cOntext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

 [testuser002@hpsv02 mnt]$ mkdir testdir01
 [testuser002@hpsv02 mnt]$ chmod 775 testdir01
 [testuser002@hpsv02 mnt]$ ls -lh
 total 40K
 drwxrwxr-x+ 2 testuser002 testgrp002 8.0K Oct 17 04:44 testdir01

e. create test file "001" under test directory "testdir01"
 [testuser002@hpsv02 mnt]$ cd testdir01
 [testuser002@hpsv02 testdir01]$ echo "test" > 001
 [testuser002@hpsv02 testdir01]$ chmod 775 001
 [testuser002@hpsv02 testdir01]$ ls -lh
 total 8.0K
 -rwxrwxr-x. 1 testuser002 testgrp002 5 Oct 17 04:48 001
 [testuser002@hpsv02 testdir01]$ cat 001
 test

 e. exit testuser002 and switch user to testuser001
 [testuser002@hpsv02 testdir01]$ exit
 exit
 [root@hpsv02 ~]# su testuser001
 [testuser001@hpsv02 root]$ id
 uid=1001(testuser001) gid=1001(testgrp001) groups=1001(testgrp001),1002(testgrp002) cOntext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
 [testuser001@hpsv02 root]$ cd /mnt
 [testuser001@hpsv02 mnt]$ ls -lh
 total 40K
 drwxrwxr-x+ 2 testuser002 testgrp002 8.0K Oct 17 04:48 testdir01

 [testuser001@hpsv02 mnt]$ cd testdir01
 [testuser001@hpsv02 testdir01]$ ls -lh
 total 8.0K
 -rwxrwxr-x. 1 testuser002 testgrp002 5 Oct 17 04:48 001

 f. try to read test file "001", and create new file as test purpose
 [testuser001@hpsv02 testdir01]$ cat 001
 test
 [testuser001@hpsv02 testdir01]$ echo "testuser001" > 002
 bash: 002: Permission denied

 ==> failed due to permission denied despite of "testdir01" has proper permission

如果客户需要这样的权限访问，就需要一个停机窗口，进入底层修改配置，务必联系二线工程师操作。

 login fpg owning vm node, and here is /etc/sysconfig/nfs.
 [root@node1fs ~]# cat /etc/sysconfig/nfs
 # This file was modified by nfs-component*.rpm.  the following ports must be static for nfs firewalling to work.
 LOCKD_TCPPORT=32803
 LOCKD_UDPPORT=32769
 MOUNTD_PORT=892
 STATD_PORT=662

 NFSD_V4_GRACE=10
 RPCNFSDCOUNT=64
 RPCMOUNTDOPTS="-g"

 h. remove RPCMOUNTDOPTS, then restart nfs & nfslock service manually
 [root@node1fs ~]# vi /etc/sysconfig/nfs
 => remove RPCMOUNTDOPTS="-g"

 [root@node1fs ~]# service nfslock restart
 [root@node1fs ~]# service nfs restart
 [root@node1fs ~]# ps auxw | grep rpc.mountd
 root     18937  0.0  0.0  23720   952 ?        Ss   08:55   0:00 rpc.mountd -p 892