LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (https://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   NetApp NFS to RHEL 6 - mounts but can't write (https://www.linuxquestions.org/questions/linux-enterprise-47/netapp-nfs-to-rhel-6-mounts-but-cant-write-945098/)

jpeery 05-15-2012 11:00 AM
NetApp NFS to RHEL 6 - mounts but can't write
 
So I've got an NFS share setup on my NetApp, I can get it to mount, but I get permission denied when I try to write to the mountpoint. I'm really scratching my head on this one and could use a shove in the right direction.
A little info:
mount shows:
172.16.114.6:/vol/pubprod_nfs_store on /var/www/marketing type nfs (rw,proto=tcp,vers=4,addr=172.16.114.6,clientaddr=172.16.121.94)
This is the command I used to mount it:
mount -o proto=tcp -t nfs 172.16.114.6:/vol/pubprod_nfs_store /var/www/marketing

In /etc/exports:
/vol/pubprod_nfs_store 172.16.121.94(rw,anonuid=48,anongid=48)

In /etc/fstab:
172.16.114.6:/vol/prodpub_nfs_store /var/www/marketing nfs4 sync,rsize=1024,wsize=1024,suid,rw,auto,_netdev 1 2

And this is what it looks like when I mount it:

[root@granthampub www]# pwd
/var/www
[root@granthampub www]# ls -l
total 20
drwxr-xr-x. 2 apache apache 4096 Feb 7 08:51 cgi-bin
drwxr-xr-x. 3 apache apache 4096 Mar 20 10:22 error
drwxr-xr-x. 2 apache apache 4096 Feb 7 08:51 html
drwxr-xr-x. 3 apache apache 4096 Mar 20 10:22 icons
drwxr-xr-x. 3 apache nobody 4096 May 11 14:43 marketing

One thing I notice, sometimes the UID gets set to apache instead of nobody, and other times the group gets set to apache instead of nobody, but never have I seen BOTH set to apache (uid and gid 48)
If I cd to marketing, and try to write I get the following:

[root@granthampub www]# cd marketing/
[root@granthampub marketing]# touch test
touch: cannot touch `test': Permission denied
[root@granthampub marketing]# ls -l
total 0
[root@granthampub marketing]#


So what gives? Any ideas?

jpeery 05-15-2012 12:39 PM
A little more info
 
So I did an strace, and I'm guessing it has something to do with an anonymous mapping, and it's being set to deny, when I try to touch a file I see the following:

execve("/bin/touch", ["touch", "test"], [/* 22 vars */]) = 0
brk(0) = 0xd0a000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08ee1000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=14652, ...}) = 0
mmap(NULL, 14652, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea08edd000
close(3) = 0
open("/lib64/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=43832, ...}) = 0
mmap(NULL, 2128816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea08abb000
mprotect(0x7fea08ac2000, 2093056, PROT_NONE) = 0
mmap(0x7fea08cc1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fea08cc1000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1903208, ...}) = 0
mmap(NULL, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea0872b000
mprotect(0x7fea088b1000, 2097152, PROT_NONE) = 0
mmap(0x7fea08ab1000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x7fea08ab1000
mmap(0x7fea08ab6000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea08ab6000
close(3) = 0
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \\\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=138328, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08edc000
mmap(NULL, 2208672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea0850f000
mprotect(0x7fea08526000, 2093056, PROT_NONE) = 0
mmap(0x7fea08725000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7fea08725000
mmap(0x7fea08727000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea08727000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08edb000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08eda000
arch_prctl(ARCH_SET_FS, 0x7fea08edb700) = 0

chrism01 05-23-2012 12:39 AM
Not sure how much you know about NFS, but

1. nfs shares are by uid/gid ie they must be the same numeric value on both sides to work properly.
user/group names are irrelevant.

2. the default option when exporting is root_squash; effectively setting remote (on client side) root to nobody or equiv to avoid leaving a gaping security hole....

HTH :)


All times are GMT -5. The time now is 11:57 AM.