HPE Community
Operating System - Linux
1832922 Members
2653 Online
110048 Solutions
New Discussion

NFS mount from HP Unix 11.31 to RHEL 4.4 -- write : Permission denied

 
ManojK_1
Valued Contributor

‎11-24-2010 09:50 PM

‎11-24-2010 09:50 PM

NFS mount from HP Unix 11.31 to RHEL 4.4 -- write : Permission denied

Hi,

I have mounted volume "/backup" from HP Unix 11.31 to RHEL Server on "/data" via NFS.After mounting while trying to create folder test in /data am getting the error " mkdir: cannot create directory `/data/test': Permission denied"

In NFS Server i have given the NFS export command as 'share -F nfs -o access=10.1.1.10 /backup'

and in NFS client (Linux) i have entered the following entry in /etc/fstab."10.1.1.10:/backup /data nfs nfsvers=3,rw 0 0"
/backup permission in HP Unix was 755.

Then i have changed /backup permission to 777 after that am able to create files folders in nfs clinet (/data).
But we don't want to give permission 777 in NFS Server.How can i achieve this?

Manoj K
Thanks and Regards,
Manoj K
0 Kudos
Reply
1 REPLY 1
Matti_Kurkela
Honored Contributor

‎11-25-2010 12:31 AM

‎11-25-2010 12:31 AM

Re: NFS mount from HP Unix 11.31 to RHEL 4.4 -- write : Permission denied

I guess you're trying to create files to /data when running as root.

To protect the NFS server in case a NFS client is hacked, the root user of the NFS client has no privileges on the NFS shares by default. Instead, the root user is equivalent to "nobody". All the other users will work normally... *if* the users' UID numbers are the same on the client as on the server.

If you really must allow the root of the NFS client to access the share with full root privileges, you should add the option "root=" to the share command on the NFS server.

But the best practice would be to allow regular users access the NFS share as appropriate, using the user and group permissions. You should not run applications as root on the NFS client; if an application needs to run when there are no users logged in, you should set up a specific application userid for it and grant it the appropriate group membership if it needs to access the NFS share.

In short, that would require:
- setting up a group with the same GID number on both the server and the client (example group name: "backup")
- setting the permissions of /backup on the NFS server to 2775 (or 2770 if you prefer) and group ownership to "backup"
- adding the users to the "backup" group as appropriate

Note: the "2" in permissions 2775 makes the group ownership inheritable from the parent directory: all the new files and sub-directories created on the NFS share will have their group ownership set to "backup" automatically. The sub-directories will also automatically inherit the "2" for their permission settings.

MK
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.