
HP 11.31 NFS & How to map root user to nobody uid

wenyinxin
Occasional Advisor

I am using an HP-UX 11.31 server on which I have exported a file system through the share cmd.
svr01 # share -F nfs -o rw=ws01 /data

There is a 777 directory "test" in /data.

On client host ws01, user root cannot write to /data/test, but other users can.

ws01 # id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)
ws01 # touch a
touch: a cannot create
ws01 # su ata
$ touch a
$ ll a
-rw-r--r-- 1 ata ata 0 Dec 15 09:46 a


If I add the 'anon' option to the share cmd, user root can write to /data/test.
svr01 # share -F nfs -o rw=ws01,anon=2 /data

ws01 # touch b
ws01 # ll b
-rw-r--r-- 1 bin sys 0 Dec 15 09:48 b

But if I want to use UID_NOBODY in anon, it fails.
1. Using -2 as UID_NOBODY caused it to fail on the server.
svr01 # cat /etc/passwd | grep nobody
nobody:*:-2:-2::/:
svr01 # share -F nfs -o rw=ws01,anon=-2 /home
share_nfs: invalid anon value

2. Using 4294967294 as UID_NOBODY caused it to fail on the client.
svr01 # id nobody
uid=4294967294(nobody) gid=4294967294(nogroup)
svr01 # share -F nfs -o rw=ws01,anon=4294967294 /home
ws01 # touch b
touch: b cannot create

I noticed that there was a bug fixed in ONCplus B.11.31.08:
QXCR1000916642 Requests with UID and GID set to –2, does not map to anon value

I checked my ONCplus version; it is already B.11.31.08.
svr01 # swlist -l bundle | grep ONCplus
ONCplus B.11.31.08 ONC+ 2.3


So, how can I set UID_NOBODY to be the effective user ID of the root user?

Thanks for the responses.

9 REPLIES
shelendra
Occasional Visitor

Re: HP 11.31 NFS & How to map root user to nobody uid

Please check /etc/exports directory where you can also give write permission
Dennis Handly
Acclaimed Contributor

Re: HP 11.31 NFS & How to map root user to nobody uid

>There is a 777 directory "test" in /data.

What are the permissions for the directories:
ll -d /data /data/test
wenyinxin
Occasional Advisor

Re: HP 11.31 NFS & How to map root user to nobody uid

shelendra:
I didn't export the /etc file system, so I don't think it needs write permission, right?

Dennis:
ws01 # ll -d /data /data/test
drwxr-xr-x 10 root root 8192 Dec 15 13:22 /data
drwxrwxrwx 2 root sys 96 Dec 15 13:22 /data/test


wenyinxin
Occasional Advisor

Re: HP 11.31 NFS & How to map root user to nobody uid

If I don't use the anon option, the root user of ws01 cannot create a file in /data/test, but it can delete a file.

ws01 # id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)
ws01 # ll
total 0
-rw-rw-rw- 1 root sys 0 Dec 15 17:39 a
ws01 # touch b
touch: b cannot create
ws01 # echo "test" > a
ws01 # rm a
ws01 # ll
total 0
ws01 #
Stephan.
Honored Contributor

Re: HP 11.31 NFS & How to map root user to nobody uid

Hi,

Try 'share -F nfs -o sec=sys,root=ws01,rw=ws01 /data'

If you want root to be root, you need the 'root=' option - pretty confusing, but I hope you get what I mean.

hth
Stephan
wenyinxin
Occasional Advisor

Re: HP 11.31 NFS & How to map root user to nobody uid

Hi,

I don't want to map ws01 root to svr01 root; what I want to do is map ws01 root to svr01 nobody.

Thanks.
wenyinxin
Occasional Advisor

Re: HP 11.31 NFS & How to map root user to nobody uid

In fact, there are 3 file systems on svr01:
svr01 # df
/home (/dev/vg00/lvol4 ): 2036464 blocks 32049 i-nodes
/stand (/dev/vg00/lvol1 ): 3279520 blocks 51637 i-nodes
/ (/dev/vg00/lvol3 ): 213260688 blocks 3358390 i-nodes

Normally, the directory data is linked to /home.

svr01 # ll -d / /home /stand /data
drwxr-xr-x 22 root root 8192 Dec 16 10:38 /
lrwxr-xr-x 1 root sys 6 Dec 16 10:38 /data -> /home
drwxr-xr-x 10 root root 8192 Dec 16 10:35 /home
dr-xr-xr-x 9 bin bin 8192 Dec 16 10:41 /stand

I found that mapping ws01 'root' to svr01 'nobody' succeeds if I link 'data' to / or /stand.
The mapping fails only when I link 'data' to /home.

So it seems that the root cause is the difference between /home and the others.

svr01 # lvdisplay /dev/vg00/lvol1 /dev/vg00/lvol3 /dev/vg00/lvol4
--- Logical volumes ---
LV Name /dev/vg00/lvol1
VG Name /dev/vg00
LV Permission read/write
LV Status available/syncd
Mirror copies 0
Consistency Recovery MWC
Schedule parallel
LV Size (Mbytes) 1792
Current LE 56
Allocated PE 56
Stripes 0
Stripe Size (Kbytes) 0
Bad block off
Allocation strict/contiguous
IO Timeout (Seconds) default

LV Name /dev/vg00/lvol3
VG Name /dev/vg00
LV Permission read/write
LV Status available/syncd
Mirror copies 0
Consistency Recovery MWC
Schedule parallel
LV Size (Mbytes) 128096
Current LE 4003
Allocated PE 4003
Stripes 0
Stripe Size (Kbytes) 0
Bad block off
Allocation strict/contiguous
IO Timeout (Seconds) default

LV Name /dev/vg00/lvol4
VG Name /dev/vg00
LV Permission read/write
LV Status available/syncd
Mirror copies 0
Consistency Recovery MWC
Schedule parallel
LV Size (Mbytes) 1024
Current LE 32
Allocated PE 32
Stripes 0
Stripe Size (Kbytes) 0
Bad block on
Allocation strict
IO Timeout (Seconds) default


There are only two differences: 'Bad block' and 'Allocation'.

I checked another HP-UX 11.11 server (it's running properly). lvdisplay shows the same result as above.
So I don't think I should modify these two parameters.

Do you have any ideas? Thanks
Stephan.
Honored Contributor

Re: HP 11.31 NFS & How to map root user to nobody uid

> I don't want map ws01 root to svr01 root, what I want to do is mapping ws01 root to svr01 nobody.

This is the default behavior of NFS - see man share_nfs

anon=uid
Set uid to be the effective user ID of unknown users. By default, unknown users are given the effective user ID UID_NOBODY. If uid is set to -1, access is denied.

root=access_list
Only root users from the hosts specified in access_list will have root access. See access_list below. By default, no host has root access, so root users are mapped to an anonymous user ID (see the anon=uid option described above).

To be honest I don't really understand the problem.
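
The anon= and root= rules quoted from share_nfs in the reply above, as an added example that is not part of the original thread: a small sh function that works out which identity a client's root user ends up with for a given share option string. The function names are hypothetical, and access_list entries are assumed to be plain host names separated by ':'.

```shell
#!/bin/sh
# Added example: resolve which identity a client's root user gets under a
# share_nfs option string, following the anon= and root= text quoted above.
# Assumption: access_list entries are plain host names separated by ':'
# (netgroup, domain and network entries are not handled here).

# in_list HOST LIST -> exit 0 if HOST is one of the ':'-separated entries
in_list() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# root_maps_to OPTIONS CLIENT -> prints root, denied, UID_NOBODY or a uid
root_maps_to() {
    opts=$1 client=$2
    anon=UID_NOBODY          # default when no anon= option is given
    root_list=
    old_ifs=$IFS; IFS=,
    for opt in $opts; do     # options are comma-separated
        case $opt in
            anon=*) anon=${opt#anon=} ;;
            root=*) root_list=${opt#root=} ;;
        esac
    done
    IFS=$old_ifs
    if [ -n "$root_list" ] && in_list "$client" "$root_list"; then
        echo root            # root= lists this host: root stays root
    elif [ "$anon" = "-1" ]; then
        echo denied          # anon=-1: access is denied
    else
        echo "$anon"         # root is mapped to the anonymous uid
    fi
}

# Option strings taken from the thread, evaluated for client ws01
for o in "rw=ws01" "rw=ws01,anon=2" "sec=sys,root=ws01,rw=ws01"; do
    printf '%-28s root@ws01 -> %s\n' "$o" "$(root_maps_to "$o" ws01)"
done
```

Run over every shared file system, a check like this shows at a glance which exports leave a client's root unsquashed (root=) and which map it to a real account through anon=.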

wenyinxin
Occasional Advisor

Re: HP 11.31 NFS & How to map root user to nobody uid

Yes, it should be the default behavior, but for /home it cannot work now. It works for the other two file systems.