System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Not able to cpy files to NFS mount

 
vat
Advisor

Not able to cpy files to NFS mount

Dear All,

 

We have two servers say A and B.

 

I want to copy database file from B to A

 

for that I have NFS mount filesystem of A to B thru SAM.

 

But when I tried to copy file B to A thru cp command it gives following error

 

cp: cannot create /dr1/drcpy.sh: Permission denied

 

I have al share folder in server A whiich is mounted on dr1 on B server

 

Thanks in advance,

 

Nirav

 

 

1 REPLY
Matti_Kurkela
Honored Contributor

Re: Not able to cpy files to NFS mount

By default, a NFS mount will not recognize the privileges of the root user of the NFS client - in effect, the userID of the root user of the NFS client system is mapped to "nobody" when writing to the NFS filesystem.

 

You should create a group with the same name and GID number on both servers, then use root on server A to allow that group to write to the exported "folder" (the proper Unix term is "directory"). Then you need to add one or more users of server B to that group (secondary group is fine). Then you can write to the shared filesystem using a regular user account.

 

You can also use a group that already exists, like "dba" - the important thing is that the GID number of the group must be the same in both servers. (If you are using a centralized user database like NIS or LDAP, this should be always true for groups defined in the centralized database.)

 

It is also possible to allow the root of server B to write to the shared directory, but this has security implications: if this is done and an unauthorized person gets root access on server B, the shared directory with root access would make it easy for the unauthorized person to get root access on server A too. In general, you should design your permissions so that a database administrator would not require root access for routine database operations.

 

For example, assuming that GID 333 is unused in both servers and we wish to use "dbcopy" as the name of the group and "vat" is your username:

root@serverA # groupadd -g 333 dbcopy
root@serverA # chgrp dbcopy /the/exported/folder
root@serverA # chmod g+rwx /the/exported/folder

root@serverB # groupadd -g 333 dbcopy
root@serverB # usermod -G dbcopy vat

Testing:
root@serverB # su - vat
vat@serverB $ groups
users dbcopy
vat@serverB $ touch /dr1/test
MK