[OpenIndiana-discuss] nfs permission denied

Tim Dunphy bluethundr at gmail.com
Tue May 8 17:07:23 UTC 2012 

Hi Richard,

Thanks for your input. I found that I can share the volume via zfs..
sorry I forgot to mention that this was a zfs pool.

I found that I was able to remove the entry from dfstab and use this
command to share the volume -

 zfs set sharenfs=rw tank/xen

And when I check the result it looks ok -

root at openindiana:~# zfs get sharenfs tank/xen
NAME      PROPERTY  VALUE     SOURCE
tank/xen  sharenfs  rw        local

and now if I look at the nfs server from the client I can see the
share, even tho it's no longer listed in dfstab -


[root at LBSD2:~] #showmount -e nas
Exports list on nas:
/tank/xen                          Everyone

And then I try mounting the share from the client -

[root at LBSD2:~] #mount nas:/tank/xen /mnt/xen

[root at LBSD2:~] #df -h /mnt/xen
Filesystem       Size    Used   Avail Capacity  Mounted on
nas:/tank/xen    1.3T     46K    1.3T     0%    /mnt/xen

But I am still getting the same result when I try to create a file -

[root at LBSD2:~] #touch /mnt/xen/test
touch: /mnt/xen/test: Permission denied

Maybe I'm missing a flag on the zfs set command?

Thanks
Tim









On Tue, May 8, 2012 at 12:05 PM,  <tomte at ulkhyvlers.net> wrote:
> On Tue, May 08, 2012 at 11:43:29AM -0400, Tim Dunphy wrote:
>> Hello,
>>
>>  I'm trying to setup an NFS server under oi 151. So far so good, but
>> there is one hurdle I'd like to overcome regarding security.
>>
>>  The nfs service is running -
>>
>>  root at openindiana:~# svcs -a | grep nfs | grep server
>> online         22:51:58 svc:/network/nfs/server:default
>>
>>
>> And I have one entry in dfstab to test this out -
>>
>> root at openindiana:~# tail /etc/dfs/dfstab
>> # This file is reconstructed and only maintained for backward
>> # compatibility. Configuration lines could be lost.
>> #
>> #       share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
>> #       .e.g,
>> #       share  -F nfs  -o rw=engineering  -d "home dirs"  /export/home2
>> share -F nfs /tank/xen
>
> [snip]
>
>> However if I test my permissions on the mounted share volume (on the
>> client side as root) -
>>
>>  [root at LBSD2:~] #touch /mnt/xen/test
>> touch: /mnt/xen/test: Permission denied
>
> [snip]
>
> From where I am standing you seem to have missed an option for
> nfs... check the manpage for share_nfs.
> specifically the option below.
>
>        root=access_list
>
>        Only  root  users  from  the  hosts   specified   in
>        access_list have root access. See access_list below.
>        By default, no host has root access, so  root  users
>        are mapped to an anonymous user ID (see the anon=uid
>        option described above). Netgroups can  be  used  if
>        the  file system shared is using UNIX authentication
>        ( AUTH_SYS).
>
> If you havent got that one, root on your bsdbox will be remapped to
> anonymous and then it bites you in the rear ;)
>
> // Richard
>
> --
> "Its hard to be religious when certain people are never
> incinerated by bolts of lightning."
>
> - Calvin & Hobbes
>
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

More information about the OpenIndiana-discuss mailing list