
11.31 NFS permission deny

 
lin.chen
Frequent Advisor

11.31 NFS permission deny

Dear All,
In NFS server:
vi /etc/dfs/dfstab
share -F nfs /tmp
share -F nfs /opt

In NFS client:( it is 11.31 too)
mount server:/tmp /mountpoint1
touch newfile <<<
mount server:/opt /mountpoint2
touch newfile <<< <newfile cannot create>
I found the problem is the different permissions of "/tmp and /opt" on the NFS server.
If I change the permission of /opt, I can also touch the file.
Could you give some suggestions to let the client have read-write permission when mounting "/opt of NFS server"?
Actually I did not want to change the permission of /opt on the NFS server.
Thanks, Louis
7 REPLIES 7
Rasheed Tamton
Honored Contributor

Re: 11.31 NFS permission deny

Hi Louis,

I do not think that you can change the NFS server permission from the client side. It nulls all the security if you can change the permission from the client side.

What exportfs command did you use to export the FS?

Regards,
Rasheed Tamton.
Steven E. Protter
Exalted Contributor

Re: 11.31 NFS permission deny

Shalom,

showmount -e hostname_of_server

To see what mount points are available.

Then check permissions on the server.

Sharing /tmp should not be a problem but there are possible security concerns with sharing /opt

/var/adm/syslog/syslog.log should be checked on the server.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dennis Handly
Acclaimed Contributor

Re: 11.31 NFS permission deny

>SEP: Sharing /tmp should not be a problem but there are possible security concerns with sharing /opt

If you export /opt as readonly it should be fine. That's how NFS diskless worked.
lin.chen
Frequent Advisor

Re: 11.31 NFS permission deny

Thanks a lot for your reply.
"/tmp and /opt" is just an example.
I mean, if the directory that needs to be shared does not have "write permission" for Others, how can I mount it from the client with "read and write" permission?
tom quach_1
Super Advisor

Re: 11.31 NFS permission deny

Hi Lin,


You may want to change the permission on /opt itself.
If /opt has this permission, then no one could write to it even if you have -o rw
dr-xr-xr-x 100 bin bin 3072 Apr 25 16:05 /opt


In NFS server:
vi /etc/dfs/dfstab
share -F nfs /tmp
share -F nfs -o rw /opt

Tom,
Dave Olker
Neighborhood Moderator

Re: 11.31 NFS permission deny

Hi Louis,

The question is: what users are trying to create files in /opt on the NFS server? Was this the root user on the client that was unable to create files in /opt until you opened up the permissions on the server's directory? When you opened up the /opt directory permissions and the user was able to create a file, what was the uid/gid of the file that was created? I'm wondering if they were -2.

If that's the case you could get around that problem by sharing the filesystem with a root= list that includes the client's fully-qualified hostname. That would tell the server to treat requests originating from the root user on the client as a root user on the server rather than re-mapping the UID/GID to -2.

If you're wanting normal users to be able to create files in /opt on the server then you'd likely have to open up the permissions of the directory on the server, just as you would if you wanted these users to create files in /opt on the local system.

Regards,

Dave


Dennis Handly
Acclaimed Contributor

Re: 11.31 NFS permission deny

>I mean if the directory need to share did not has the "write permission" for Others. How can mount it from client with "read and write" permission?

You have N barriers:
1) The permission of the file.
(Not a problem if you own the file since you can change it. If you are root, you can su and be the owner, unless owner is root and you have root set to less than nobody. ;-)
2) How the filesystem is mounted.
3) How the filesystem is exported.
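
The barriers listed in this reply and the root= / -2 remapping described in Dave Olker's reply can be put into a small decision model. This is an added example, not part of any post in the thread and not HP-UX code; it models only bare ro/rw and root=host[:host] share options, and bin's id 2, the 1777 mode for /tmp and the host name are assumptions.

```python
import stat

NOBODY = -2  # id the thread says squashed client root is mapped to

def parse_share_opts(opts):
    """Parse a 'share -o' string; only bare ro/rw and root=host[:host] are modelled."""
    parsed = {"ro": False, "root": set()}
    for item in filter(None, opts.split(",")):
        key, _, value = item.partition("=")
        if key == "ro" and not value:
            parsed["ro"] = True
        elif key == "root":
            parsed["root"] = set(value.split(":"))
    return parsed

def can_create(dir_mode, dir_uid, dir_gid, uid, gids, client, share_opts="", mount_ro=False):
    """Return (allowed, reason) for creating a file in an exported directory."""
    opts = parse_share_opts(share_opts)
    if opts["ro"]:                      # barrier 3: how it is exported
        return False, "exported read-only"
    if mount_ro:                        # barrier 2: how it is mounted
        return False, "mounted read-only"
    if uid == 0:
        if client in opts["root"]:
            return True, "client root trusted by root= list"
        uid, gids = NOBODY, {NOBODY}    # root squash: client root becomes -2
    # barrier 1: creating an entry needs write + search on the directory
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if dir_mode & need == need:
        return True, f"created as uid {uid}"
    return False, f"directory mode denies uid {uid}"

# Constructed cases: the /opt mode is the dr-xr-xr-x shown in the thread;
# everything else (ids, /tmp mode, host name) is assumed for illustration.
CLIENT = "client.example.com"
CASES = {
    "root on /tmp": can_create(0o1777, 0, 0, 0, {0}, CLIENT),
    "root on /opt": can_create(0o555, 2, 2, 0, {0}, CLIENT, "rw"),
    "root on /opt, root=": can_create(0o555, 2, 2, 0, {0}, CLIENT, f"rw,root={CLIENT}"),
    "user on /opt, root=": can_create(0o555, 2, 2, 1001, {20}, CLIENT, f"rw,root={CLIENT}"),
}

if __name__ == "__main__":
    for name, (ok, why) in CASES.items():
        print(f"{name:22} {'allow' if ok else 'deny':5} {why}")
```

In this model the root= case is the only one that bypasses the directory mode, which is why a root= list should name only clients whose root account is trusted as much as the server's own.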