[OpenIndiana-discuss] nfs permission denied
tomte at ulkhyvlers.net
tomte at ulkhyvlers.net
Tue May 8 16:05:50 UTC 2012
On Tue, May 08, 2012 at 11:43:29AM -0400, Tim Dunphy wrote:
> Hello,
>
> I'm trying to setup an NFS server under oi 151. So far so good, but
> there is one hurdle I'd like to overcome regarding security.
>
> The nfs service is running -
>
> root at openindiana:~# svcs -a | grep nfs | grep server
> online 22:51:58 svc:/network/nfs/server:default
>
>
> And I have one entry in dfstab to test this out -
>
> root at openindiana:~# tail /etc/dfs/dfstab
> # This file is reconstructed and only maintained for backward
> # compatibility. Configuration lines could be lost.
> #
> # share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
> # .e.g,
> # share -F nfs -o rw=engineering -d "home dirs" /export/home2
> share -F nfs /tank/xen
[snip]
> However if I test my permissions on the mounted share volume (on the
> client side as root) -
>
> [root at LBSD2:~] #touch /mnt/xen/test
> touch: /mnt/xen/test: Permission denied
[snip]
>From where I am standing you seem to have missed an option for
nfs... check the manpage for share_nfs.
specifically the option below.
root=access_list
Only root users from the hosts specified in
access_list have root access. See access_list below.
By default, no host has root access, so root users
are mapped to an anonymous user ID (see the anon=uid
option described above). Netgroups can be used if
the file system shared is using UNIX authentication
( AUTH_SYS).
If you havent got that one, root on your bsdbox will be remapped to
anonymous and then it bites you in the rear ;)
// Richard
--
"Its hard to be religious when certain people are never
incinerated by bolts of lightning."
- Calvin & Hobbes
More information about the OpenIndiana-discuss
mailing list