problem with nfs permissions
I think I must be drain bamaged...
I'm just trying to export an NFS share and mount it on a client. Should be really easy but I'm failing!
Here's the set up:
Server:
OS: Centos 5.3
Name: fileprint-0 (aliases fp00, fs00)
Exported directory: /home/ESE
Client:
OS: Centos 5.3
Error:
mount: fs00:ESE failed, reason given by server: Permission denied
DETAILS:
1. The various nfs daemons are running on the server:
rpc.mountd (pid 18040) is running...
nfsd (pid 18037 18036 18035 18034 18033 18032 18031 18030) is running...
rpc.rquotad (pid 18025) is running...
2. For the moment the firewall has been completely disabled on the server:
Firewall is stopped.
3. The directory has been added to /etc/exports, exportfs -ra has been run, and there are no entries in /etc/hosts.deny:
/home/ESE *(ro,sync) #Site Engineer tools
4. Owner and group for the directory have been set to nsfbody (the users on the clients will always be running as root):
drwxr-xr-x 3 nfsnobody nfsnobody 4096 Dec 4 05:01 /home/ESE
5. The clients are able to resolve and ping the server as fs00:
fs00.lab-0.agilulf.local is an alias for fileprint-0.lab-0.agilulf.local.
fileprint-0.lab-0.agilulf.local has address 10.42.0.24
[[email protected] named]# ping fs00
PING fileprint-0.lab-0.agilulf.local (10.42.0.24) 56(84) bytes of data.
64 bytes from fileprint-0.lab-0.agilulf.local (10.42.0.24): icmp_seq=1 ttl=64 time=0.715 ms
64 bytes from fileprint-0.lab-0.agilulf.local (10.42.0.24): icmp_seq=2 ttl=64 time=0.402 ms
--- fileprint-0.lab-0.agilulf.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1099ms
rtt min/avg/max/mdev = 0.402/0.558/0.715/0.158 ms
6. The local mount point on the client exists:
drwxr-xr-x 2 root root 4096 Oct 27 16:04 /mnt/ESE
7. But attempts to mount the directory fail:
mount: fs00:ESE failed, reason given by server: Permission denied
8. I've tried setting no_squash but without any more success.
Anybody see what I am doing wrong?
Comments
Judging by what I am seeing in the manual the wildcard is to be used with in combination with a domain or other criteria. I recommend removing the widcard so it accepts all host which would modify in /etc/exports to:
However I would recommend adding some type of limiting criteria to both your firewall all exports file to limit outside users from accessing the service such as:
In exports-
and in your firewall-
Don't forget to restart the service to reload the exports file before testing it.
and I still got the same error.
What worked for me was: On my system user 99 is nobody and group 98 is nobody. This gave me read only access to the files.
I just foobarred the mount command (left out the leading slash) and my eyes were refusing to see it. Became obvious instantly when I finally remembered to tail /var/log/messages.
Doh!