Solved: chgrp: changing group of `testfile’: Operation not permitted. How to solve NFS 16 group limit ?

Today we will see an interesting issue and its solution why we are getting chgrp “changing group of testfile”: operation not permitted error.

 

I. Error Details
Below we can see an interesting issue when the user is not able to change his own file to one of the secondary group he own.

ngelinux001 {ngeuser} chgrp oracle_grp testfile
chgrp: changing group of `testfile': Operation not permitted

 

II. RCA why the issue occured.
This happens since there are multiple secondary groups assigned to your user id.

And there is limitation of 16 groups with auth_sys.

It is not able to authenticate the groups fall after 16 groups for the user.

 

III. Workaround
To workaround this issue, please change your primary group to oracle_grp or any other which you want to work with and do your operations.

ngelinux001 {ngeuser} id -a
uid=15257(ngeuser) gid=6884(oracle_grp) groups=1021(dev),37(spectre),500(xguest),1001(cadence4),1003(ambit),1033(cvs),1111(icdrd),1401(rc-grp),1478(ci_grp),2026(rc-top),2028(rc-engineering),3105(vps_rnd),3363(ssv),3924(anlsrd),4780(spectrerd),5165(soce),6871(cte_access_rd),6884(oracle_grp),30098(platord)

ngelinux001 {ngeuser} echo "hello" > testfile

ngelinux001 {ngeuser} ls -l testfile
rw-rr- 1 ngeuser dev 6 Apr  5 23:50 testfile

ngelinux001 {ngeuser} newgrp oracle_grp

ngelinux001 {ngeuser} chgrp oracle_grp testfile

ngelinux001 {ngeuser} ls -l testfile
rw-rr- 1 ngeuser oracle_grp 6 Apr  5 23:50 testfile
ngelinux001 {ngeuser}

Now you will be able to change the group because the group became your primary one and it can be validated by auth_sys.

 

IV. Permanent Solution
The solution needs to be implemented at NFS server, and you can’t remediate it on NFS client.

a. On our nfs server, edit /etc/nfs.conf, add below lines:
[mountd]
manage-gids=y

b. Save nfs.conf file and restart your nfs daemon.
# systemctl restart nfs
# exportfs -r

c. On NFS clients
# mount -o remount <NFS_Path>

d. Log out and login back from your user.
Now the user is free from 16 group membership limit.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments