| NFS home directories under OSX | |||
|
Posted by: Hugh Macdonald Date: 03-08-2010, 13:45:PM |
Hi all,

First off a little disclaimer... I'm not actually a systems person. I'm a programmer who became a compositor, then started his own company (with others) and ended up running the tech side because there was nobody more qualified already in the company... So I've kinda been muddling along (reasonably successfully) so far...!

With that said, I've hit upon a snag, and, while it's not a show-stopper, and things generally work, it's recently started bugging me more than usual... I've detailed it over at SuperUser.com:

The gist of it is that my users' home directories are shared using NFS (OSX Server -> OSX Workstations), and it's causing permissions problems when switching to any user other than the one that's logged on through the GUI.

The reasoning behind doing it all through NFS is because we've got some Linux workstations (and plan on increasing this over time) and I wanted to standardise on where home directories were mounted across all the machines.

If anyone's got any thoughts on it, they would be most welcome!

Thanks

nvizible - VISUAL EFFECTS
+44(0) 207 659 2369
+44(0) 7773 764 708 |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Todd Smith Date: 03-08-2010, 14:00:PM |
On Mar 8, 2010, at 1:44 PM, Hugh Macdonald wrote:

Hey Hugh,

Are users authenticating locally or from a server? Can you send the output from the following commands?

'id matt'
'ls -lan /mount/company_users'

As well, are you using autofs to mount the home directories? I'm assuming you are somehow redirecting the users' home directories via some mechanism. Which one is it?

Are you using a custom csh.login? csh.cshrc?

Cheers

Todd Smith
Head of Information Technology
soho vfx | T.O.
99 atlantic ave. suite 303 toronto ontario m6k 3j8
tel: 416.516.7863 |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Hugh Macdonald Date: 03-08-2010, 14:10:PM |
Hi Todd,

Here you go:

[nv001:~] hugh% id matt
uid=1040(matt) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),1034(fmartists),101(com.apple.sharepoint.group.1)
[nv001:~] hugh% ls -lan /mount/company_users/
total 40
drwxrwxrwx   26 1035  0    840 27 Jan 19:09 .
drwxr-xr-x    5 501   80   170  8 Mar 18:30 ..
drwx------+ 128 1035  20  4308 27 Feb 23:36 hugh
drwxr-xr-x+  28 1040  20   908 20 Jan 13:05 matt

I'm not using autofs - I've set the mount up using Directory Utility. No specific custom parameters, just with:

Remote NFS URL: nfs://nvserver01/Volumes/data/company_users
Mount location: /mount/company_users

And I set up the NFS Share from the other end using NFS Manager.
|
||
| Re: NFS home directories under OSX | |||
|
Posted by: Todd Smith Date: 03-08-2010, 15:20:PM |
On Mar 8, 2010, at 2:10 PM, Hugh Macdonald wrote:
> Hi Todd,

Sorry, missed a listing. There are extended attributes on your FS. Can you do:

ls -la@ /mount/company_users

What mechanism is pointing the user login towards using /mount/company_users for home directories? (i.e. our LDAP server points our users to /home/<username>). In csh the environment variable that points to a user's home directory is called $HOME. If you do 'echo $HOME' then it should return '/mount/company_users/hugh' but in order for me to discern the problem you may have, I need to understand where that variable is being set.

Cheers

Todd Smith |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Hugh Macdonald Date: 03-08-2010, 15:40:PM |
Hi again Todd,

When I do "ls -la@", there is no difference from "ls -la" on the folders themselves. There are a couple of hidden items (.DS_Store and .TemporaryItems) that are floating around in there that have "com.apple.FinderInfo 32" as extended attributes, but none of the user home directories have anything extra.

It's something inside of OSX Server's Workgroup Manager that specifies where the user should find their home directory. I believe that $HOME is set from here - I'm certainly never setting it myself.

I missed a couple of answers from your first email: Yes, I've got a custom .tcshrc for all users. This looks like this (for everyone):

--------------------------------------------------------------
if ( -f /jobs/tech/csh/main.cshrc ) then
    source /jobs/tech/csh/main.cshrc
else
    echo Not connected to jobs server. Not loading config.
endif
source $HOME/user.cshrc
--------------------------------------------------------------

(user.cshrc is where users would put their own aliases and anything else they want to have available)

/jobs/tech/csh/main.cshrc is what sets up our environment.

With Workgroup Manager, if the home directories on the server are in /Volumes/data/company_users, then the place where these will be mounted on the workstations defaults to /Network/Servers/nvserver01.nvizible.com/Volumes/data/company_users

This was fine for OSX, but obviously not for Linux, which is why I added the NFS mount and changed where the home directories were pointing at.

I'm guessing that OSX's method of doing some kind of auto-mounting of home directories is interfering somewhere along the line with the NFS mount method... I'd rather get OSX to not do anything and just point at the right place and leave the mount to all work through NFS...

Thanks for the help!

Hugh Macdonald
|
||
| Re: NFS home directories under OSX | |||
|
Posted by: Todd Smith Date: 03-08-2010, 15:55:PM |
On Mar 8, 2010, at 3:39 PM, Hugh Macdonald wrote:
> Hi again Todd,

There's the answer I was looking for. Unfortunately I have little to no experience with Workgroup Manager and Linux working harmoniously.

Wish I could be of more help, sorry Hugh!

Todd Smith |
||
| Re: NFS home directories under OSX | |||
|
Posted by: JJ Franzen Date: 03-08-2010, 15:55:PM |
Have you tried using good ol /etc/fstab to mount your NFS instead of Dir util? I've had much better luck and behavior that way. Plus you can specify an exact mount point. Example:

titan:/SouthPark /SouthPark nfs rw 0 0

mounts our Bluearc Fileserver's SouthPark share to /SouthPark at the root of the file system. Then you can just say in WGM that the user's home dir is /SouthPark/users/USERNAME.

I must admit we don't allow using the fast user switching functionality of OS X because it tends to be flaky at best and causes more problems than the convenience it is supposed to provide is worth. If you MUST have it, you may have to do some debugging with Apple.

Are you on 10.5.x or 10.6.x BTW?

J^2 |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Mat X Date: 03-08-2010, 16:25:PM |
On 2010-03-08, at 10:44 AM, Hugh Macdonald wrote:

Can I ask to what purpose other users are trying to ssh in to a machine? Is it for your render farm or something else?

:)

Mat X

E: matxdotca@gmail.com
T: 778-837-1036

- Apple Certified Xsan 2 Administrator
- Apple Certified Media Administrator
- Apple Certified Pro - Final Cut Server Level One
- Apple Certified Technical Coordinator (10.6)
- Apple Certified Support Professional (10.6)

StudioSysAdmins-Discuss mailing list
StudioSysAdmins-Discuss@mailman.studiosysadmins.com
http://mailman.studiosysadmins.com/mailman/listinfo/studiosysadmins-discuss |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Hugh Macdonald Date: 03-09-2010, 05:50:AM |
Todd - Thanks for your help - I'll keep working at this one then...

J.J. - Dir Util allows me to specify the mount point - I'll have a look at doing it using fstab instead... Personally, I still think that the NFS side of this is working just fine - it's OSX trying to do something else on top of this that's causing the problems here. And I'm still on 10.5.x (server and workstations) here.

Mat - The users themselves shouldn't be doing this - it's more tied up in the pipeline and render farm side of things.

There are two things that I need to be able to do that I can't at the moment...

The 'render' user (that all render machines are running as) needs to be able to sudo (without a password) the command 'runFarmCommand.py' as any user. This works for now, but usually chucks up warnings about not being able to find the user's home directory.

Users need to be able to SSH between machines without needing a password (for Alfred). At the moment, the user on the remote machine can't access ~/.ssh/, so the authentication can't happen (this works just fine under Linux)

Any more thoughts most welcome... I was hoping that some of you might have come across the same issues if you're working with a combined Linux/OSX setup (although if your server side is Linux, which is probably most likely, you may not have these problems)

Thanks again!

Hugh Macdonald
|
||
| Re: NFS home directories under OSX | |||
|
Posted by: Tim Nicholas Date: 03-09-2010, 17:40:PM |
Have you checked the ownership and permissions on /Volumes and /Volumes/data? I note from your ls output on superuser.com that /mount/company_users is owned by 'hugh:wheel' rather than something more generic.

You might also want to confirm that the link between /mount/company_users and /Volumes/data/company_users really is a symlink and not a mac alias.

Tim

--
Tim Nicholas - tjn@wetafx.co.nz
+64 21 337 204 (Cell), +64 4 380 3682 (Work), ext5682
Systems Administrator, Weta Digital, NZ |
||
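The ownership and permission check Tim suggests above, as an added example that is not part of the original thread: it walks each component of a home directory path and reports the first one a given numeric uid/gid cannot traverse, or a component that is not a directory at all (which is how a Finder alias would show up). The function name `first_blocked` is hypothetical; the path and ids in the closing comment come from the listing earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the first component of PATH that
# the numeric UID/GID cannot traverse, using the classic mode bits only.
# Assumptions: ACLs and supplementary groups are not evaluated (a trailing
# "+" or "@" in the ls mode column is flagged so they can be checked by hand),
# and the script runs as an account that can itself stat every component.

first_blocked() {   # usage: first_blocked PATH UID GID
    rest=$1 uid=$2 gid=$3
    case $rest in /*) cur="" ;; *) cur="." ;; esac
    rest=${rest#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}                       # next path component
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue             # skip empty parts from "//"
        cur="$cur/$part"
        if [ ! -d "$cur" ]; then
            [ -z "$rest" ] && break            # last component may be a file
            # A Finder alias is a regular file, so it is reported here too.
            echo "notdir $cur"
            return 1
        fi
        # -n prints numeric ids; -L describes the target of a symlink.
        line=$(ls -ldnL "$cur" | awk -v u="$uid" -v g="$gid" '{
            pos = (u == $3) ? 4 : ((g == $4) ? 7 : 10)  # owner, group or other "x"
            bit = substr($1, pos, 1)
            verdict = (bit == "x" || bit == "s" || bit == "t") ? "ok" : "blocked"
            note = ($1 ~ /[+@]$/) ? " acl-or-xattr" : ""
            print verdict, $1, $3 ":" $4 note
        }')
        case $line in
            blocked*) echo "blocked $cur ${line#blocked }"; return 1 ;;
        esac
    done
    echo "ok"
}

# Example call with the ids from the listing in this thread:
#   first_blocked /mount/company_users/matt/.ssh 1040 20
```

Run it on both the server-side path and the client-side mount point; a different answer on each side points at the mount or id mapping rather than the mode bits.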
| Re: NFS home directories under OSX | |||
|
Posted by: Mat X Date: 03-09-2010, 17:55:PM |
On 2010-03-09, at 2:46 AM, Hugh Macdonald wrote:

Depending on your render pipeline you could have the rendering run as the local (Mac) admin user, thereby not needing a mounted nfs home folder on each workstation that is rendering. Since you're probably rendering on your shared network filesystem (nfs) you don't need home folders of any particular users.

The render user in this case could be the local admin account or another local account just for rendering. And this would eliminate these error messages.

If you can trust rendering users to use a shared account then your auth key for ssh can go locally. Depends on your security requirements, vs. your pipeline setup needs.

:)

Mat X |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Sven Nielsen Date: 03-09-2010, 18:05:PM |
This might not be it, but is the issue with root squashing on the NFS server? If ssh and sudo do anything as root, and 'no_root_squash' isn't enabled, their permissions will get squashed to 'nobody's permissions, which means things like .ssh dirs and anything without 'everybody' permissions applied won't be accessible.

Not sure how the export occurs on the server side, but instead of just IP_RANGE(rw) it should be something like IP_RANGE(rw,no_root_squash). I think there might be a checkbox in OS X's Server Admin when you set up the export, but it's been a while, so I don't remember.

Again, not sure if this is it, but if the issue isn't something bizarre about the way homedirs are handled on OS X, this might be it.

-Sven |
||
| Re: NFS home directories under OSX | |||
|
Posted by: George Siddiqui Date: 03-10-2010, 07:00:AM |
>> causing permissions problems when switching to any user other than the one that's logged on through the GUI. |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Hugh Macdonald Date: 03-10-2010, 07:05:AM |
George, as usual, you are, I think, awesome!

I've not properly tested this yet, but something leapt out at me from that doc that I think might be just what my problem is...

In WorkGroup manager, I was allowing it to specify the "Home URL" as well as the "Full Path" - this would be, I believe, why it's trying to re-mount the home directories using AFP when they're already there as NFS. I've switched this over to just being a "Full Path", which means that it should just look there and not try to mount anything....

I'll try it out this afternoon and report back on how it works...

Thanks!

Hugh Macdonald |
||
| Re: NFS home directories under OSX | |||
|
Posted by: Hugh Macdonald Date: 03-10-2010, 11:55:AM |
I think I can confirm that this one is fixed. Thanks all for your help, and thanks George for sending that PDF that finally sorted it!

Cheers

Hugh Macdonald |
||




