Workbench project sharing issue: system error 13 (Permission denied) - NFSv4 on Ubuntu 20.04

Hi there,
I have a new Posit Workbench installation on Ubuntu 20.04 and I'm attempting to replicate what I had on my old servers - project sharing working across an NFSv4 share which contains all my user home directories. Both the sharing machine and Workbench machine are running the same version of Ubuntu, and the shared disk is a btrfs volume. The systems are bound to AD using sssd, with enumeration of users enabled.

When I run project sharing from the RStudio IDE, this is the error that appears in rserver.log:

2023-11-13T11:59:31.584851Z [rserver] DEBUG Proxy to launcher session with cached endpoint: (gwest:17)
2023-11-13T11:59:31.586650Z [rserver] DEBUG - Start proxy to launcher endpoint: (gwest:17)
2023-11-13T11:59:31.688788Z [rserver] DEBUG Handling session rpc: /acl (gwest:18)
2023-11-13T11:59:31.688918Z [rserver] DEBUG Running acls helper: /usr/lib/rstudio-server/bin/rserver-acls 1791417517  body: {"version":"nfsv4","principal_type":"uid","domain":"","operation":"apply_acl","request_uid":1791417517,"uids":[1791417517],"objects":[{"object_type":"object_type_project","object_path":"/positshareddisk/positworkbench/home/gwest/sharingtest-with-otheruser"},{"object_type":"object_type_file","object_path":"/positshareddisk/positworkbench/shared-project-storage/shared-projects/8d3edd9ec1035.proj"}],"usernames":["otheruser"]}
2023-11-13T11:59:31.689656Z [rserver] DEBUG system error 13 (Permission denied) [path: /proc/19892/fd]; OCCURRED AT rstudio::core::Error rstudio::core::system::{anonymous}::scanDir(const string&, std::vector<std::__cxx11::basic_string<char> >*) src/cpp/core/system/PosixFileScanner.cpp:74
2023-11-13T11:59:31.783225Z [rserver] DEBUG ACL helper success with output: {"succeeded":false,"error_message":"Could not read project files in /positshareddisk/positworkbench/home/gwest/sharingtest-with-otheruser system error 13 (Permission denied)","failed_paths":[]}

'otheruser' is a another system user's short username - I've changed it to preserve their anonymity. The project is at the path /positshareddisk/positworkbench/home/gwest/sharingtest-with-otheruser.

In the UI, I get this message:

Could not read project files in /positshareddisk/positworkbench/home/gwest/sharingtest-with-otheruser system error 13 (Permission denied)

I have been able to confirm that ACLs are working on my mounted volume ( /positshareddisk/positworkbench ) with nfs4_getfacl:

$ nfs4_getfacl sharingtest2/

(where 'sharingtest2' is a project in my home directory, and I'd manually run the following to add a user by their numeric ID to the ACL list):

nfs4_setfacl -a A::1791417377:rax /positshareddisk/positworkbench/home/gwest/sharingtest2

My systems are bound to an Active Directory domain, and I know they use numeric IDs to refer to individuals.

My /etc/rstudio/rsession.conf contains this:

# Configure project sharing

The rsession.conf has this:

# Set project sharing link location to a path on the NFS volume

The sharing directory has the UID bit set, and the following permissions:

$ stat /positshareddisk/positworkbench/shared-project-storage/
  File: /positshareddisk/positworkbench/shared-project-storage/
  Size: 46              Blocks: 0          IO Block: 1048576 directory
Device: 39h/57d Inode: 155040      Links: 1
Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-11-13 09:13:51.458387679 +0000
Modify: 2023-11-10 10:28:08.007692804 +0000
Change: 2023-11-10 10:28:08.007692804 +0000
 Birth: -

It seems to contain .proj files relating to each share, but none have an ACL set (as I would expect).

I'm not clear from the log messages on which part of project sharing is failing - whether it's setting the project directory ACL, or the .proj file ACL.

Any ideas?

Also, is there a way to manually replicate the facl/chown/chmod commands that RStudio tried to run, or get any more information from the system that would help me diagnose this?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.