HPE Community
Operating System - HP-UX
1834383 Members
1844 Online
110066 Solutions
New Discussion

Re: nfs permission issue

 
SOLVED
Go to solution
emily_3
Frequent Advisor

‎07-13-2006 03:14 PM

‎07-13-2006 03:14 PM

nfs permission issue

I have a server exportfs the following directory:
# exportfs
/opt/appl -anon=106

One another server uid=106 tried to do NFS mount:
# mount
:/opt/appl/scripts/SRC1 /opt/appl/scripts
Permission Denied

However the following is successful
# mount
:/opt/appl/scripts /opt/appl/scripts

Can you advice why mount on parents directory is successfully but in sub directory is denied? Thanks.
0 Kudos
Reply
12 REPLIES 12
RAC_1
Honored Contributor

‎07-13-2006 04:01 PM

‎07-13-2006 04:01 PM

Re: nfs permission issue

Little confusion here. When uid 106 tries to mount it gets perms error. Right? And when root tries it mounts. Right? If this is the case it is doing what it should be.

For uid 106 and root, what does showmount -e "nfs_server" says?
There is no substitute to HARDWORK
0 Kudos
Reply
emily_3
Frequent Advisor

‎07-13-2006 04:59 PM

‎07-13-2006 04:59 PM

Re: nfs permission issue

I need to better understanding the meaning of /opt/appl -anon=106
Does the above line means the only uid=106 is allowed to nfs?
0 Kudos
Reply
RAC_1
Honored Contributor

‎07-13-2006 05:36 PM

‎07-13-2006 05:36 PM

Re: nfs permission issue

NO. That means user with that uid is treated a anonlynous user and will be denied access.

man exportfs for details.
There is no substitute to HARDWORK
0 Kudos
Reply
emily_3
Frequent Advisor

‎07-13-2006 05:50 PM

‎07-13-2006 05:50 PM

Re: nfs permission issue

Does that means that only uid=106 is not allowed to access, while root and other uid all can access?
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎07-13-2006 09:09 PM

‎07-13-2006 09:09 PM

Re: nfs permission issue

No,

that meens uid 106 gets the access rights of 'world', not that of 'owner' with uid 106 at the nfs server.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
emily_3
Frequent Advisor

‎07-13-2006 09:32 PM

‎07-13-2006 09:32 PM

Re: nfs permission issue

In this case, how about the other uid? Can't access the 'world', but can they be allowed to mount the nfs? I am a little bit confused, can explain more in this point?
And what's the root cause for the nfs mount Permission Denied? Thanks.
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎07-13-2006 11:48 PM

‎07-13-2006 11:48 PM

Solution

Re: nfs permission issue

Hi,

you have to differ between
- mounting denied:
that has nothing to do with option '-anon'
- access to files in the filesystem denied

Look at that example:
Server: /exportdir 700 (mode) name106 (user with id 106)

exports: -anon=106

When accessing that directory on a NFSclient
- with an existing userid on the server, but not root and not id 106, you won't get access to that directory
- as root on the client or non-existing userid on the server, or as id 106 you will
get access.

HTH.

mfG Peter
- as root or non-existing
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
emily_3
Frequent Advisor

‎07-16-2006 01:54 PM

‎07-16-2006 01:54 PM

Re: nfs permission issue

Thanks. it looks like my issue is "mount deny" issue not "access issue". As you say it has nothing to do with -anon, what may the root cause of the mount deny?
# mount
:/opt/appl/script/SRC1 /opt/appl/script
Permission Denied

However the following is successful
# mount
:/opt/appl/script /opt/appl/script

For my case, why mount on /opt/appl/script is successful but on /opt/appl/script/SRC1 is denied? Thanks.
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎07-16-2006 09:55 PM

‎07-16-2006 09:55 PM

Re: nfs permission issue

Hi,

if you have mounted the filesystem like you have done in the second case:

Which ids have access to the SRC1 directory on the NFSclient (if any)?

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
emily_3
Frequent Advisor

‎07-16-2006 10:18 PM

‎07-16-2006 10:18 PM

Re: nfs permission issue

if I am not wrong, you want to know after I mount the /opt/appl/script to mount point /opt/appl/script, you want to know the permission of SRC1, correct?
After mount the parent dir successfully, I did "ll" and the output is as following:
# ll /opt/appl/scripts
lrwxrwxr-x 1 root sys 12 Jul 4 10:13 SRC1
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎07-16-2006 11:44 PM

‎07-16-2006 11:44 PM

Re: nfs permission issue

Hi,

you wrote:
# ll /opt/appl/scripts
lrwxrwxr-x 1 root sys 12 Jul 4 10:13 SRC1

so /opt/appl/scripts/SRC1 is a symbolic link!

You cannot simply mount a symolic link - export and use the directory it points to.

If you want to access a file/directory a symbolic link points to, you must know that the destination of that link is resolved on the NFS-client.

If that text is a relative pathname within the exported directory structure, this will succeed (permissions granted ...).

If this is an absolute link, it depends:
Assume
/opt/appl/scripts/tmp -> /tmp

This will result in an access at a NFS client to its local /tmp directory!

If the link points to something on the NFS-Server which is outside of the exported directory structure, you usually won't get access. You need to setup an additional NFS-export and -mount for that directory the link points to - exactly as the link text gets resolved on the NFS client(s).

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
emily_3
Frequent Advisor

‎07-18-2006 08:26 PM

‎07-18-2006 08:26 PM

Re: nfs permission issue


Ok, I see. thanks.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.