[OpenIndiana-discuss] nfs permission denied

Tim Dunphy bluethundr at gmail.com
Tue May 8 15:43:29 UTC 2012 

Hello,

 I'm trying to setup an NFS server under oi 151. So far so good, but
there is one hurdle I'd like to overcome regarding security.

 The nfs service is running -

 root at openindiana:~# svcs -a | grep nfs | grep server
online         22:51:58 svc:/network/nfs/server:default


And I have one entry in dfstab to test this out -

root at openindiana:~# tail /etc/dfs/dfstab
# This file is reconstructed and only maintained for backward
# compatibility. Configuration lines could be lost.
#
#       share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
#       .e.g,
#       share  -F nfs  -o rw=engineering  -d "home dirs"  /export/home2
share -F nfs /tank/xen

>From what I've read the default for entries in dfstab is that the
shares will be available rw (read/write).

If I go to the client  (FreeBSD 8.2) and test, I can see the mount -

[root at LBSD2:~] #showmount -e nas
Exports list on nas:
/tank/xen                          Everyone

And.. I can mount the share -

[root at LBSD2:~] #mount nas:/tank/xen /mnt/xen

[root at LBSD2:~] #df -h /mnt/xen
Filesystem       Size    Used   Avail Capacity  Mounted on
nas:/tank/xen    1.3T     45K    1.3T     0%    /mnt/xen

However if I test my permissions on the mounted share volume (on the
client side as root) -

 [root at LBSD2:~] #touch /mnt/xen/test
touch: /mnt/xen/test: Permission denied

I get permission denied. I notice on the (oi) server, the permissions
look fine -

root at openindiana:~# ls -l /tank | grep xen
drwxr-xr-x   2 root     root           2 May  7 22:58 xen

So I tried incrementally loosening up permissions -

server : root at openindiana:~# chmod 775 /tank/xen

once again on the client:

 [root at LBSD2:~] #touch /mnt/xen/test
touch: /mnt/xen/test: Permission denied

And it doesn't work until I open up the directory on the server to world -

server: root at openindiana:~# chmod 777 /tank/xen

[root at LBSD2:~] #touch /mnt/xen/test
[root at LBSD2:~] #echo hi > /mnt/xen/test
[root at LBSD2:~] #cat /mnt/xen/test
hi

Obviously this is a situation I should correct if I can. : )

Thanks in advance and best regards,
Tim

-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

More information about the OpenIndiana-discuss mailing list