325851 – Patch kernel on build.eclipse.org to bypass NFS >16 group limit for signing directory

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 325851 - Patch kernel on build.eclipse.org to bypass NFS >16 group limit for signing directory

Summary: Patch kernel on build.eclipse.org to bypass NFS >16 group limit for signing d...

Status:	RESOLVED FIXED

Alias:	None

Product:	Community
Classification:	Eclipse Foundation
Component:	Servers (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Eclipse Webmaster
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-09-21 09:42 EDT by Paul Webster
Modified:	2011-08-12 14:23 EDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paul Webster

2010-09-21 09:42:05 EDT

The e4 build breaks on signing.

uid=55010(e4Build) gid=100(users) groups=16(dialout),33(video),100(users)
issues the scp command.

e4Build@build:/shared/eclipse/e4/build/e4/downloads/drops/4.0.0/I20100921-0847/packtmp> scp eclipse-master-20100921-0847.zip pwebster@build.eclipse.org:/home/data/httpd/download-staging.priv/eclipse/e4
scp: /home/data/httpd/download-staging.priv/eclipse/e4/eclipse-master-20100921-0847.zip: Permission denied

If I ssh to build.eclipse.org as pwebster (who includes group 8690(eclipse.e4)) I cannot write to that e4 directory:

pwebster@build:/home/data/httpd/download-staging.priv/eclipse/e4> ls -ld .
drwxrwsr-x+ 10 e4Build eclipse.e4 416 2010-09-17 12:56 .
pwebster@build:/home/data/httpd/download-staging.priv/eclipse/e4> touch tmp.txt
touch: cannot touch `tmp.txt': Permission denied

PW

Comment 1 Denis Roy

2010-09-21 10:20:10 EDT

I don't have any problems as e4Build:

e4Build@build:/home/data/httpd/download-staging.priv/eclipse/e4> ls -l
total 30226
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-06 04:05 20100721-0950-out
drwxrwsr-x+ 3 genie    eclipse.e4      104 2010-07-22 09:26 20100722-0909-out
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-07 04:17 20100722-0955-out
drwxrwsr-x+ 3 pwebster eclipse.e4      160 2010-09-17 12:57 20100917-1230-out
-rw-rw-rw-+ 1 pwebster eclipse.e4 30917342 2010-09-17 12:56 eclipse-master-20100917-1230.zip
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-04 03:53 I20100715-1054-out
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-05 04:09 I20100719-1400-out
drwxrwsr-x+ 3 genie    eclipse.e4      104 2010-07-27 11:33 I20100726-2152-out
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-03 21:49 I20100803-1905-out
e4Build@build:/home/data/httpd/download-staging.priv/eclipse/e4> touch t
e4Build@build:/home/data/httpd/download-staging.priv/eclipse/e4> rm t


As for pwebster, this is the >16 groups over NFS biting us.  That location (download-staging.priv) used to be a local disk array on the build server, which was exported via NFS to allow Hudson to access it.  Since we don't want further build outages to affect Hudson, the mount was moved to our primary NFS servers.

Looks like I'll have to patch the kernel on the new build server as well.

But can you confirm that e4Build cannot write there?  The e4 directory is owned by e4Build.

Comment 2 Paul Webster

2010-09-21 10:35:05 EDT

e4Build can write to that directory, just not pwebster.  But pwebster is our 8303(signers) userid.

PW

Comment 3 Denis Roy

2010-09-21 10:46:59 EDT

Gotcha.  I've set up an ACL for pwebster.  Give it a try.

Comment 4 Paul Webster

2010-09-21 10:50:24 EDT

(In reply to comment #3)
> Gotcha.  I've set up an ACL for pwebster.  Give it a try.

Great, that works.

Thanx,
PW

Comment 5 Denis Roy

2010-09-21 10:58:58 EDT

Updated summary.

Comment 6 Denis Roy

2011-08-12 14:23:12 EDT

Let's just use ACLs for the exceptions.  The fewer patched kernels I need to maintain, the better.