On 12/18/2018 08:31 AM, Sachin Punadikar wrote:
> Hello,
> Does Ganesha's internal caching support nested netgroups?
> One customer is reporting that one client from a nested netgroup is
> allowed to access while another one from the same nested group is not allowed.
> Any hints on the possible cause of such a scenario?
> Is there any way by which one can purge the netgroup cache in Ganesha?

The netgroup cache code is pretty simple. It just looks in the cache
tree by host/group, and returns if found; otherwise, it calls
innetgr(group, host, NULL, NULL), and caches the result in the cache
tree. Entries in the cache time out after 30 minutes. We don't
explicitly do anything related to nested groups; if innetgr() returns
success, then we'll cache the hostname in the outer group. There
doesn't appear to be a reason why a host can't be in multiple groups.

You can clear the netgroup cache with a dbus command purge_netgroups.

Note that, if a host is not part of a group, so it fails, then we'll
cache the negative status for 30 minutes. Adding the host to the
correct group won't have any immediate effect, unless you clear the cache.

Daniel
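
The caching behaviour described in the reply above, as an added sketch that is not part of the original message and is not Ganesha's code: a denial stays cached until the entry expires or the cache is purged, and a cached grant likewise outlives a later removal from the group. A flat table stands in for the cache tree; `ng_check`, `ng_purge`, `fake_resolver` and the table size are assumed names and values, and a server would have the resolver call `innetgr(group, host, NULL, NULL)`.

```c
#include <stdbool.h>
#include <string.h>
#include <time.h>
#define NG_TTL (30 * 60) /* 30-minute expiry, as stated in the reply */
#define NG_SLOTS 64      /* assumed size; a flat table stands in for the tree */

/* Resolver hook; a server would pass a wrapper around innetgr(). */
typedef bool (*ng_resolver)(const char *group, const char *host);

struct ng_entry { char group[64], host[64]; bool used, member; time_t expires; };
static struct ng_entry ng_cache[NG_SLOTS];

/* Drop every cached result, positive and negative. */
void ng_purge(void) { memset(ng_cache, 0, sizeof(ng_cache)); }

/* Return the cached answer while it is fresh; otherwise resolve and cache it. */
bool ng_check(const char *group, const char *host, time_t now, ng_resolver resolve) {
    struct ng_entry *slot = NULL;
    for (int i = 0; i < NG_SLOTS; i++) {
        struct ng_entry *e = &ng_cache[i];
        bool fresh = e->used && now < e->expires;
        if (fresh && !strcmp(e->group, group) && !strcmp(e->host, host))
            return e->member;   /* hit: the netgroup database is not consulted */
        if (!slot && !fresh)
            slot = e;           /* remember the first free or expired slot */
    }
    bool member = resolve(group, host);
    if (slot && strlen(group) < sizeof(slot->group) && strlen(host) < sizeof(slot->host)) {
        strcpy(slot->group, group);
        strcpy(slot->host, host);
        slot->member = member;  /* denials are cached exactly like grants */
        slot->expires = now + NG_TTL;
        slot->used = true;
    }
    return member;
}

/* Constructed stand-in for the netgroup database; starts false (host not in group). */
static bool fake_db_member;
static bool fake_resolver(const char *g, const char *h) { (void)g; (void)h; return fake_db_member; }

int main(void) {
    bool before = ng_check("outer", "client2", 0, fake_resolver);  /* denied, cached */
    fake_db_member = true;                                         /* admin adds the host */
    bool stale = ng_check("outer", "client2", 60, fake_resolver);  /* still denied */
    ng_purge();
    bool after = ng_check("outer", "client2", 120, fake_resolver); /* allowed */
    return (!before && !stale && after) ? 0 : 1;
}
```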