I have two Linux systems, both running Debian Squeeze. Versions of (I think) the stuff involved are:
kernel: 2.6.32-5-xen-amd64
ii nfs-kernel-server 1:1.2.2-4squeeze2 support for NFS kernel server
ii libnfsidmap2 0.23-2 An nfs idmapping library
ii nfs-common 1:1.2.2-4squeeze2 NFS support files common to client and server
ii portmap 6.0.0-2 RPC port mapper
(The client doesn't have nfs-kernel-server involved.)
I have a directory with ACLs:
# file: dirname
# owner: jon
# group: foogroup
# flags: -s-
user::rwx
user:www-data:rwx
group::r-x
group:foogroup:rwx
mask::rwx
other::r-x
default:...
There are two users, neither one of which owns the directory:
uid=3001(jake) gid=3001(jake) groups=3001(jake),104(wheel),3999(foogroup)
uid=3005(nic) gid=3005(nic) groups=3005(nic),3999(foogroup)
The jake user can create files in the directory without issues. The nic user can't. All UIDs/GIDs are the same on the client and server. I've verified (packet sniffing) that the uids/gids sent via AUTH_UNIX are correct -- uid=gid=3005, auxiliary gids=3005,3999 -- and that the server replies with NFS3ERR_ACCESS, which the kernel on the client maps to EACCES (Permission denied).
Can anyone help me here?
I can't say if this could cause the problem you're having, but I noticed some oddity:
Your directory is group owned by foogroup. foogroup's permission therefore is group::r-x. But you set an additional ACL entry group:foogroup:rwx. Why don't you just set group:rwx instead?
Even a default ACL for group:foogroup is unnecessary as you have setgid on your directory. Every new directory below will therefore automatically inherit the owning group and the setgid of your directory.
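As an added example (not part of the question or the answer), the sketch below runs the access check algorithm documented in acl(5) over the ACL quoted in the question, to show which entry decides for a member of foogroup and what changes when the named group entry or the mask is narrowed. It models only local POSIX ACL evaluation, not the NFS server; the dictionary layout and the function names are assumptions made for illustration.

```python
# Added example: POSIX ACL access check (acl(5)) over the ACL from the question.
# The dict layout and names are illustrative; the values are copied from the post.
ACL = {
    "owner": "jon", "group": "foogroup",
    "user_obj": "rwx", "users": {"www-data": "rwx"},
    "group_obj": "r-x", "groups": {"foogroup": "rwx"},
    "mask": "rwx", "other": "r-x",
}

def has(perms, want):
    """True if every requested permission letter is present in perms."""
    return all(p in perms for p in want)

def acl_check(acl, user, groups, want):
    """Return (granted, deciding_entry) following the acl(5) algorithm."""
    # Without a mask entry (minimal ACL) nothing is masked.
    mask_ok = has(acl.get("mask") or "rwx", want)
    # 1. The owner is decided by user:: alone; the mask does not apply.
    if user == acl["owner"]:
        return has(acl["user_obj"], want), "user::"
    # 2. A named user entry is limited by the mask.
    if user in acl["users"]:
        return has(acl["users"][user], want) and mask_ok, f"user:{user}:"
    # 3. Owning group and named groups: any one matching entry may grant.
    matching = []
    if acl["group"] in groups:
        matching.append(("group::", acl["group_obj"]))
    matching += [(f"group:{g}:", p) for g, p in acl["groups"].items() if g in groups]
    if matching:
        for name, perms in matching:
            if has(perms, want) and mask_ok:
                return True, name
        return False, "group class"
    # 4. Everyone else falls through to other::.
    return has(acl["other"], want), "other::"

if __name__ == "__main__":
    # Creating a file needs write and search (wx) on the directory.
    for user, groups in [("jake", {"jake", "wheel", "foogroup"}),
                         ("nic", {"nic", "foogroup"})]:
        print(user, acl_check(ACL, user, groups, "wx"))
```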