NetApp NFS to RHEL 6 - mounts but can't write
So I've got an NFS share set up on my NetApp. I can get it to mount, but I get permission denied when I try to write to the mountpoint. I'm really scratching my head on this one and could use a shove in the right direction.
A little info:

mount shows:
172.16.114.6:/vol/pubprod_nfs_store on /var/www/marketing type nfs (rw,proto=tcp,vers=4,addr=172.16.114.6,clientaddr=172.16.121.94)

This is the command I used to mount it:
mount -o proto=tcp -t nfs 172.16.114.6:/vol/pubprod_nfs_store /var/www/marketing

In /etc/exports:
/vol/pubprod_nfs_store 172.16.121.94(rw,anonuid=48,anongid=48)

In /etc/fstab:
172.16.114.6:/vol/prodpub_nfs_store /var/www/marketing nfs4 sync,rsize=1024,wsize=1024,suid,rw,auto,_netdev 1 2

And this is what it looks like when I mount it:
[root@granthampub www]# pwd
/var/www
[root@granthampub www]# ls -l
total 20
drwxr-xr-x. 2 apache apache 4096 Feb 7 08:51 cgi-bin
drwxr-xr-x. 3 apache apache 4096 Mar 20 10:22 error
drwxr-xr-x. 2 apache apache 4096 Feb 7 08:51 html
drwxr-xr-x. 3 apache apache 4096 Mar 20 10:22 icons
drwxr-xr-x. 3 apache nobody 4096 May 11 14:43 marketing

One thing I notice, sometimes the UID gets set to apache instead of nobody, and other times the group gets set to apache instead of nobody, but never have I seen BOTH set to apache (uid and gid 48).

If I cd to marketing, and try to write I get the following:
[root@granthampub www]# cd marketing/
[root@granthampub marketing]# touch test
touch: cannot touch `test': Permission denied
[root@granthampub marketing]# ls -l
total 0
[root@granthampub marketing]#

So what gives? Any ideas?
A little more info
So I did an strace, and I'm guessing it has something to do with an anonymous mapping, and it's being set to deny. When I try to touch a file I see the following:
execve("/bin/touch", ["touch", "test"], [/* 22 vars */]) = 0
brk(0) = 0xd0a000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08ee1000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=14652, ...}) = 0
mmap(NULL, 14652, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea08edd000
close(3) = 0
open("/lib64/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=43832, ...}) = 0
mmap(NULL, 2128816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea08abb000
mprotect(0x7fea08ac2000, 2093056, PROT_NONE) = 0
mmap(0x7fea08cc1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fea08cc1000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1903208, ...}) = 0
mmap(NULL, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea0872b000
mprotect(0x7fea088b1000, 2097152, PROT_NONE) = 0
mmap(0x7fea08ab1000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x7fea08ab1000
mmap(0x7fea08ab6000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea08ab6000
close(3) = 0
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \\\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=138328, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08edc000
mmap(NULL, 2208672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea0850f000
mprotect(0x7fea08526000, 2093056, PROT_NONE) = 0
mmap(0x7fea08725000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7fea08725000
mmap(0x7fea08727000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea08727000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08edb000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea08eda000
arch_prctl(ARCH_SET_FS, 0x7fea08edb700) = 0
Not sure how much you know about NFS, but
1. NFS shares are by uid/gid, i.e. they must be the same numeric value on both sides to work properly. User/group names are irrelevant.
2. The default option when exporting is root_squash, effectively setting remote (on client side) root to nobody or equiv to avoid leaving a gaping security hole....

HTH :)
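The two points in the reply above, as an added Python illustration that is not part of the original thread and is not NetApp's implementation: it models Linux exports(5)-style squashing followed by the usual owner/group/other mode check. The function names, the 65534 default for the anonymous account and the sample IDs are assumptions made for this example.

```python
import stat

NOBODY = 65534  # assumed default anonymous uid/gid when anonuid/anongid are unset


def parse_export_opts(opts):
    """Turn 'rw,anonuid=48,anongid=48' into a dict of option -> value."""
    parsed = {}
    for item in opts.split(","):
        key, _, value = item.strip().partition("=")
        if key:
            parsed[key] = value if value else True
    return parsed


def effective_ids(client_uid, client_gid, opts):
    """Return the numeric (uid, gid) the server acts as for a client request."""
    o = parse_export_opts(opts)
    anon_uid = int(o.get("anonuid", NOBODY))
    anon_gid = int(o.get("anongid", NOBODY))
    if "all_squash" in o:
        return (anon_uid, anon_gid)
    # root_squash is the default: uid 0 and gid 0 are each remapped
    if "no_root_squash" not in o:
        uid = anon_uid if client_uid == 0 else client_uid
        gid = anon_gid if client_gid == 0 else client_gid
        return (uid, gid)
    return (client_uid, client_gid)


def can_create_in(dir_uid, dir_gid, dir_mode, uid, gid):
    """Owner/group/other check for creating a file in a directory (needs w and x)."""
    if uid == 0:
        return True  # unsquashed root bypasses the mode bits
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif gid == dir_gid:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return dir_mode & need == need


if __name__ == "__main__":
    # Constructed inputs: client root against a 0755 directory, two ownerships.
    ids = effective_ids(0, 0, "rw,anonuid=48,anongid=48")
    print("server sees root as", ids)
    print("dir owned 48:65534 ->", can_create_in(48, NOBODY, 0o755, *ids))
    print("dir owned 65534:48 ->", can_create_in(NOBODY, 48, 0o755, *ids))
```

Only the numbers are compared: whether the name "apache" appears in `ls -l` on the client plays no part in the server-side decision.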