Welcome to the Linux Foundation Forum!

problem with nfs permissions

texaganian
texaganian Posts: 3
in Network Management

I think I must be drain bamaged...

I'm just trying to export an NFS share and mount it on a client. Should be really easy but I'm failing!

Here's the set up:

Server:

OS: Centos 5.3

Name: fileprint-0 (aliases fp00, fs00)

Exported directory: /home/ESE

Client:

OS: Centos 5.3

Error:

mount: fs00:ESE failed, reason given by server: Permission denied

DETAILS:

1. The various nfs daemons are running on the server:

[root@fileprint-0 ~]# service nfs status
rpc.mountd (pid 18040) is running...
nfsd (pid 18037 18036 18035 18034 18033 18032 18031 18030) is running...
rpc.rquotad (pid 18025) is running...


2. For the moment the firewall has been completely disabled on the server:

[root@fileprint-0 ~]# service iptables status
Firewall is stopped.


3. The directory has been added to /etc/exports, exportfs -ra has been run, and there are no entries in /etc/hosts.deny:

[root@fileprint-0 ~]# cat /etc/exports
/home/ESE *(ro,sync) #Site Engineer tools


4. Owner and group for the directory have been set to nsfbody (the users on the clients will always be running as root):

[root@fileprint-0 ~]# ls -dal /home/ESE
drwxr-xr-x 3 nfsnobody nfsnobody 4096 Dec 4 05:01 /home/ESE


5. The clients are able to resolve and ping the server as fs00:

[root@directory-0 named]# host fs00
fs00.lab-0.agilulf.local is an alias for fileprint-0.lab-0.agilulf.local.
fileprint-0.lab-0.agilulf.local has address 10.42.0.24
[root@directory-0 named]# ping fs00
PING fileprint-0.lab-0.agilulf.local (10.42.0.24) 56(84) bytes of data.
64 bytes from fileprint-0.lab-0.agilulf.local (10.42.0.24): icmp_seq=1 ttl=64 time=0.715 ms
64 bytes from fileprint-0.lab-0.agilulf.local (10.42.0.24): icmp_seq=2 ttl=64 time=0.402 ms

--- fileprint-0.lab-0.agilulf.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1099ms
rtt min/avg/max/mdev = 0.402/0.558/0.715/0.158 ms


6. The local mount point on the client exists:

[root@directory-0 named]# ls -dal /mnt/ESE
drwxr-xr-x 2 root root 4096 Oct 27 16:04 /mnt/ESE


7. But attempts to mount the directory fail:

[root@directory-0 named]# mount -t nfs fs00:ESE /mnt/ESE
mount: fs00:ESE failed, reason given by server: Permission denied


8. I've tried setting no_squash but without any more success.

Anybody see what I am doing wrong?

Comments

  • mfillpot
    mfillpot Posts: 2,177
    texaganian wrote:
    3. The directory has been added to /etc/exports, exportfs -ra has been run, and there are no entries in /etc/hosts.deny: 
    [root@fileprint-0 ~]# cat /etc/exports
/home/ESE       *(ro,sync)      #Site Engineer tools

    Anybody see what I am doing wrong?

    Judging by what I am seeing in the manual the wildcard is to be used with in combination with a domain or other criteria. I recommend removing the widcard so it accepts all host which would modify in /etc/exports to: 
    /home/ESE       (ro,sync,all_squash)      #Site Engineer tools

    However I would recommend adding some type of limiting criteria to both your firewall all exports file to limit outside users from accessing the service such as:
    In exports- 
    /home/ESE       10.42.0.0/24(ro,sync,all_squash)      #Site Engineer tools

    and in your firewall- 
    iptables -A INPUT -P ALL -s 10.42.0.0/24 --dport 2049 -j ACCEPT
iptables -A INPUT -P ALL -s 0/0 --dport 2049 -j DROP

    Don't forget to restart the service to reload the exports file before testing it.
  • texaganian
    texaganian Posts: 3
    Thanks for the response. Alas, that doesn't seem to be the issue:
    [root@fileprint-0 ~]# cp /etc/exports /etc/exports.OLD
[root@fileprint-0 ~]# vi /etc/exports
[root@fileprint-0 ~]# service nfs restart
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS quotas:                                  [  OK  ]
Shutting down NFS services:                                [  OK  ]
Starting NFS services:  exportfs: No host name given with /home/ESE (ro,sync), suggest *(ro,sync) to avoid warning
                                                           [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]

    and I still got the same error.
  • mfillpot
    mfillpot Posts: 2,177
    I am installing a virtual machine now so I can configure it as an NFS server to test your configuration. I will report back advising what works for me.
  • mfillpot
    mfillpot Posts: 2,177
    I got it to work, the issue is that you have not identified the anonuid and anongid to be used internally by the server to assess the rights of the attaching user.

    What worked for me was: 
    /home/ESE               *(ro,sync.anonid=99,anongid=98)
    On my system user 99 is nobody and group 98 is nobody. This gave me read only access to the files.
  • texaganian
    texaganian Posts: 3
    Actually it was simpler than that.

    I just foobarred the mount command (left out the leading slash) and my eyes were refusing to see it. Became obvious instantly when I finally remembered to tail /var/log/messages.

    Doh!

Categories

Upcoming Training