topic Re: 11.31 NFS permission deny in Operating System - HP-UX

11.31 NFS permission deny

lin.chen — Mon, 07 Jul 2008 08:55:01 GMT

Dear All,
In NFS server:
vi /etc/dfs/dfstab
share -F nfs /tmp
share -F nfs /opt

In NFS client:( it is 11.31 too)
mount server:/tmp /mountpoint1
touch newfile <<<
mount server:/opt /mountpoint2
touch newfile <<< newfile="" cannot="" create="">
I found the problem is different permission of "/tmp and /opt" of nfs server.
If I change the permission of /opt, I can also touch the file.
Could you give some suggest to let client has read write permission when mount "/opt of NFS server".
Actually I did not want to change the permission of /opt of NFS server.
Thanks, Louis

Re: 11.31 NFS permission deny

Rasheed Tamton — Mon, 07 Jul 2008 09:59:33 GMT

Hi Louis,

I do not think that you can change the NFS server permission from the client side. It nulls all the security if you can change the permission from the client side.

What exportfs command you used to export the FS.

Regards,
Rasheed Tamton.

Re: 11.31 NFS permission deny

Steven E. Protter — Mon, 07 Jul 2008 10:06:03 GMT

Shalom,

showmount -e hostname_of_server

To see what mount points are available.

Then check permissions on the server.

Sharing /tmp should not be a problem but there are possible security concerns with sharing /opt

/var/adm/syslog/syslog.log should be checked on the server.

SEP

Re: 11.31 NFS permission deny

Dennis Handly — Mon, 07 Jul 2008 11:58:03 GMT

>SEP: Sharing /tmp should not be a problem but there are possible security concerns with sharing /opt

If you export /opt as readonly it should be fine. That's how NFS diskless worked.

Re: 11.31 NFS permission deny

lin.chen — Mon, 07 Jul 2008 14:01:41 GMT

Thanks a lot for your reply.
"/tmp and /opt" just is example.
I mean if the directory need to share did not has the "write permission" for Others.How can mount it from client with "read and write" permission?

Re: 11.31 NFS permission deny

tom quach_1 — Tue, 08 Jul 2008 02:06:47 GMT

Hi Lin,

you may want to change permission on /opt itself.
if /opt has this permission, then no one could write to it even you have -o rw
dr-xr-xr-x 100 bin bin 3072 Apr 25 16:05 /opt

In NFS server:
vi /etc/dfs/dfstab
share -F nfs /tmp
share -F nfs -o rw /opt

Tom,

Re: 11.31 NFS permission deny

Dave Olker — Tue, 08 Jul 2008 02:21:01 GMT

Hi Louis,

The question is: what users are trying to create files in /opt on the NFS server? Was this the root user on the client that was unable to create files in /opt until you opened up the permissions on the server's directory? When you opened up the /opt directory permissions and the user was able to create a file, what was the uid/gid of the file that was created? I'm wondering if they were -2.

If that's the case you could get around that problem by sharing the filesystem with a root= list that includes the client's fully-qualified hostname. That would tell the server to treat requests originating from the root user on the client as a root user on the server rather than re-mapping the UID/GID to -2.

If you're wanting normal users to be able to create files in /opt on the server then you'd likely have to open up the permissions of the directory on the server, just as you would if you wanted these users to create files in /opt on the local system.

Regards,

Dave

Re: 11.31 NFS permission deny

Dennis Handly — Tue, 08 Jul 2008 10:28:22 GMT

>I mean if the directory need to share did not has the "write permission" for Others. How can mount it from client with "read and write" permission?

You have N barriers:
1) The permission of the file.
(Not a problem if you own the file since you can change it. If you are root, you can su and be the owner, unless owner is root and you have root set to less than nobody. ;-)
2) How the filesystem is mounted.
3) How the filesystem is exported.