Solved: chgrp: changing group of `testfile’: Operation not permitted. How to solve NFS 16 group limit ?
Today we will see an interesting issue and its solution why we are getting chgrp “changing group of testfile”: operation not permitted error.
I. Error Details
Below we can see an interesting issue when the user is not able to change his own file to one of the secondary group he own.
ngelinux001 {ngeuser} chgrp oracle_grp testfile chgrp: changing group of `testfile': Operation not permitted
II. RCA why the issue occured.
This happens since there are multiple secondary groups assigned to your user id.
And there is limitation of 16 groups with auth_sys.
It is not able to authenticate the groups fall after 16 groups for the user.
III. Workaround
To workaround this issue, please change your primary group to oracle_grp or any other which you want to work with and do your operations.
ngelinux001 {ngeuser} id -a uid=15257(ngeuser) gid=6884(oracle_grp) groups=1021(dev),37(spectre),500(xguest),1001(master4),1003(ambit),1033(cvs),1111(icdrd),1401(rc-grp),1478(ci_grp),2026(rc-top),2028(rc-engineering),3105(vps_rnd) ngelinux001 {ngeuser} echo "hello" > testfile ngelinux001 {ngeuser} ls -l testfile rw-rr- 1 ngeuser dev 6 Apr 5 23:50 testfile ngelinux001 {ngeuser} newgrp oracle_grp ngelinux001 {ngeuser} chgrp oracle_grp testfile ngelinux001 {ngeuser} ls -l testfile rw-rr- 1 ngeuser oracle_grp 6 Apr 5 23:50 testfile ngelinux001 {ngeuser}
Now you will be able to change the group because the group became your primary one and it can be validated by auth_sys.
IV. Permanent Solution
The solution needs to be implemented at NFS server, and you can’t remediate it on NFS client.
a. On our nfs server, edit /etc/nfs.conf, add below lines: [mountd] manage-gids=y b. Save nfs.conf file and restart your nfs daemon. # systemctl restart nfs # exportfs -r c. On NFS clients # mount -o remount <NFS_Path> d. Log out and login back from your user. Now the user is free from 16 group membership limit.