nfs mount: permission denied

nocturna_gr · 07-16-2005, 05:38 PM

I have searched google and found many sites refering to " permission denied" when trying to mount an nfs partition in a client, but i haven't come up with a solution yet.

First i desabled my "firestarter" firewall in both the client and the server of my network (both server and client run Fedora Core 4):

client /etc/fstab:

Code:

LABEL=/1                /                       ext3    defaults        1 1
/dev/devpts             /dev/pts                devpts  gid=5,mode=620  0 0
/dev/shm                /dev/shm                tmpfs   defaults        0 0
LABEL=/home             /home                   ext3    defaults        1 2
/dev/proc               /proc                   proc    defaults        0 0
/dev/sys                /sys                    sysfs   defaults        0 0
LABEL=SWAP-hda5         swap                    swap    defaults        0 0
/dev/hda1               /win                    ntfs    defaults,auto   0 0
/dev/hda6               /back                   ext3    defaults,auto,exec
0 0
10.0.0.3:/var/ftp       /shared                 nfs4    proto=tcp,hard,intr
0 0
#10.0.0.3:/var/ftp      /shared                 nfs     rw              
0 0
/dev/fd0                /media/floppy           auto    pamconsole,exec,noauto,m
anaged 0 0
/dev/hdd                /media/cdrom            auto    pamconsole,exec,noauto,m
anaged 0 0
/dev/hdc                /media/cdrecorder       auto    pamconsole,exec,noauto,m
anaged 0 0

/etc/exports on server:
/var/ftp -maproot=0 10.0.0.3(rw)

I haven't setup any hosts.allow and hosts.deny yet.

Code:

[root@alexandros extras]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100011    1   udp    820  rquotad
    100011    2   udp    820  rquotad
    100011    1   tcp    823  rquotad
    100011    2   tcp    823  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32771  nlockmgr
    100021    3   udp  32771  nlockmgr
    100021    4   udp  32771  nlockmgr
    100021    1   tcp  32775  nlockmgr
    100021    3   tcp  32775  nlockmgr
    100021    4   tcp  32775  nlockmgr
    100005    1   udp    831  mountd
    100005    1   tcp    834  mountd
    100005    2   udp    831  mountd
    100005    2   tcp    834  mountd
    100005    3   udp    831  mountd
    100005    3   tcp    834  mountd

Any remarks?

Tinkster · 07-16-2005, 06:05 PM

Quote:

Originally posted by nocturna_gr
/etc/exports on server:
/var/ftp -maproot=0 10.0.0.3(rw)

Maybe that's a RH specific extension ... I've never
seen an exports with
-maproot=0
before ... and man exports has no mention of that flag.

Cheers,
Tink

nocturna_gr · 07-16-2005, 06:13 PM

Quote:

Originally posted by Tinkster
Maybe that's a RH specific extension ... I've never
seen an exports with
-maproot=0
before ... and man exports has no mention of that flag.

Cheers,
Tink

I've found it here:
http://www.bsdatwork.com/2002/02/21/understanding_nfs/
" # su # cd serverhome # rm usersetup.png override rw-r--r-- root/mwlucas for usersetup.png? y rm: usersetup.png: Permission denied #
But I'm root! Why would it not let me delete a file?
I'm root on the client, but not on the server. The server doesn't trust root on other machines to execute commands as root on the server. It does trust usernames, however. NFS has a special option for handling root; you can map requests from root to any other username. For example, you might say that all requests from "root" on a client will run as "nfsroot" on the server. With careful use of groups, you could allow this nfsroot user to have limited access to things. Use the -maproot option to map root to another user."

Tinkster · 07-16-2005, 06:45 PM

man exports
/maproot

Do you find that string in YOUR man page?
What you find on a BSD website may be irrelevant to
what you're doing.

mhallbiai · 07-16-2005, 07:10 PM

i agree with Tinkster about the maproot option.

if you are wanting root's uid to be 0 (which it should already be), why not use the no_root_squash option

Code:

/var/ftp 10.0.0.3(rw,no_root_squash)

hope this helps

nocturna_gr · 07-17-2005, 06:27 AM

Quote:

Originally posted by mhallbiai
i agree with Tinkster about the maproot option.

if you are wanting root's uid to be 0 (which it should already be), why not use the no_root_squash option

Code:

/var/ftp 10.0.0.3(rw,no_root_squash)

hope this helps

I did it, restarted nfs (/etc/init.d/nfs restart) and "mount -a" gives me this:
[root@polideukis kostas]# mount -a
mount: block device 10.0.0.3:/var/ftp is write-protected, mounting read-only
mount: cannot mount block device 10.0.0.3:/var/ftp read-only

I thought NFS has standard commands/paramaters -although different implementation, that's is why i use the BSD page as a resource.

mhallbiai · 07-17-2005, 09:59 AM

are you able to mount it manually?
mount -t nfs -o rw 10.0.0.3:/var/ftp /shared

nocturna_gr · 07-17-2005, 10:57 AM

Quote:

Originally posted by mhallbiai
are you able to mount it manually?
mount -t nfs -o rw 10.0.0.3:/var/ftp /shared

[root@polideukis kostas]# mount -t nfs -o rw 10.0.0.3:/var/ftp /shared
mount: 10.0.0.3:/var/ftp failed, reason given by server: Permission denied
[root@polideukis kostas]#

Tinkster · 07-17-2005, 01:28 PM

I'm a bit baffled :}

What does exportfs on the server say (called by itself)?

Also, what do the servers logs say in regards to the connection
attempts?

Cheers,
Tink

nocturna_gr · 07-17-2005, 05:11 PM

I tried to erase irrelevant info from /var/log/messages:

Quote:

Jul 17 02:18:17 alexandros syslogd 1.4.1: restart.
Jul 17 02:20:54 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 02:20:58 alexandros kernel: nfsd: last server has exited
Jul 17 02:20:58 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 02:20:59 alexandros exportfs[3799]: No options for /var/ftp -maproot=0: suggest -maproot=0(sync) to avoid warning
Jul 17 02:20:59 alexandros exportfs[3799]: -maproot=0 has non-inet addr
Jul 17 02:20:59 alexandros exportfs[3799]: -maproot=0 has non-inet addr
Jul 17 02:20:59 alexandros exportfs[3799]: /etc/exports [1]: No 'sync' or 'async' option specified for export "10.0.0.1:/var/ftp". Assuming default behaviour ('sync'). NOTE: this default has changed from previous versions
Jul 17 02:20:59 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 02:21:26 alexandros kernel: nfs4_cb: server 10.0.0.1 not responding, timed out
Jul 17 02:23:21 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 02:23:25 alexandros kernel: nfsd: last server has exited
Jul 17 02:23:25 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 02:23:26 alexandros exportfs[3887]: No options for /var/ftp -maproot=0: suggest -maproot=0(sync) to avoid warning
Jul 17 02:23:26 alexandros exportfs[3887]: -maproot=0 has non-inet addr
Jul 17 02:23:26 alexandros exportfs[3887]: -maproot=0 has non-inet addr
Jul 17 02:23:26 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 02:24:14 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 02:24:18 alexandros kernel: nfsd: last server has exited
Jul 17 02:24:18 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 02:24:18 alexandros exportfs[3962]: No options for /var/ftp -maproot=0: suggest -maproot=0(sync) to avoid warning
Jul 17 02:24:18 alexandros exportfs[3962]: -maproot=0 has non-inet addr
Jul 17 02:24:18 alexandros exportfs[3962]: -maproot=0 has non-inet addr
Jul 17 02:24:18 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 02:24:36 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 02:24:40 alexandros kernel: nfsd: last server has exited
Jul 17 02:24:40 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 02:24:40 alexandros exportfs[4033]: No options for /var/ftp -maproot=0: suggest -maproot=0(sync) to avoid warning
Jul 17 02:24:40 alexandros exportfs[4033]: -maproot=0 has non-inet addr
Jul 17 02:24:40 alexandros exportfs[4033]: -maproot=0 has non-inet addr
Jul 17 02:24:40 alexandros exportfs[4033]: /etc/exports [1]: No 'sync' or 'async' option specified for export "10.0.0.3:/var/ftp". Assuming default behaviour ('sync'). NOTE: this default has changed from previous versions
Jul 17 02:24:40 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 02:25:33 alexandros rpc.mountd: authenticated mount request from alexandros.lan:850 for /var/ftp (/var/ftp)
Jul 17 02:25:47 alexandros rpc.mountd: mount request from unknown host 10.0.0.1 for /var/ftp (/var/ftp)
Jul 17 02:30:38 alexandros rpc.mountd: mount request from unknown host 10.0.0.1 for /var/ftp (/var/ftp)
Jul 17 02:30:59 alexandros rpc.mountd: mount request from unknown host 10.0.0.1 for /var/ftp (/var/ftp)
......................
Jul 17 07:52:00 alexandros shutdown: shutting down for system halt
Jul 17 07:52:00 alexandros init: Switching to runlevel: 0
Jul 17 07:52:02 alexandros xfs[2310]: terminating
Jul 17 07:52:03 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 07:52:07 alexandros kernel: nfsd: last server has exited
Jul 17 07:52:07 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 07:52:11 alexandros rpc.statd[1873]: Caught signal 15, un-registering and exiting.
Jul 17 07:52:11 alexandros auditd[1887]: The audit daemon is exiting.
......................
Jul 17 19:09:59 alexandros exportfs[2190]: No options for /var/ftp -maproot=0: suggest -maproot=0(sync) to avoid warning
Jul 17 19:09:59 alexandros exportfs[2190]: -maproot=0 has non-inet addr
Jul 17 19:09:59 alexandros exportfs[2190]: -maproot=0 has non-inet addr
Jul 17 19:09:59 alexandros exportfs[2190]: /etc/exports [1]: No 'sync' or 'async' option specified for export "10.0.0.3:/var/ftp". Assuming default behaviour ('sync'). NOTE: this default has changed from previous versions
Jul 17 19:09:59 alexandros kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
Jul 17 19:09:59 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 19:10:00 alexandros gpm[2264]: *** info [startup.c(95)]:
.....................
Jul 17 19:19:28 alexandros sshd(pam_unix)[2603]: session opened for user root by root(uid=0)
Jul 17 19:22:22 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 19:22:26 alexandros kernel: nfsd: last server has exited
Jul 17 19:22:26 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 19:22:26 alexandros exportfs[2710]: /etc/exports:1: syntax error: bad option list
Jul 17 19:22:26 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 19:22:55 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 19:23:00 alexandros kernel: nfsd: last server has exited
Jul 17 19:23:00 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 19:23:00 alexandros kernel: RPC: failed to contact portmap (errno -5).
Jul 17 19:23:00 alexandros exportfs[2786]: /etc/exports [1]: No 'sync' or 'async' option specified for export "10.0.0.3:/var/ftp". Assuming default behaviour ('sync'). NOTE: this default has changed from previous versions
Jul 17 19:23:00 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 19:29:11 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 19:29:15 alexandros kernel: nfsd: last server has exited
Jul 17 19:29:15 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 19:29:15 alexandros kernel: RPC: failed to contact portmap (errno -5).
Jul 17 19:29:16 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
......................
Jul 17 21:09:16 alexandros named[4019]: running
......................
Jul 17 23:53:48 alexandros sshd(pam_unix)[5425]: session opened for user root by root(uid=0)
Jul 17 23:57:55 alexandros rpc.mountd: mount request from unknown host 10.0.0.1 for /var/ftp (/var/ftp)
Jul 17 23:58:01 alexandros rpc.mountd: mount request from unknown host 10.0.0.1 for /var/ftp (/var/ftp)
Jul 17 23:59:35 alexandros rpc.mountd: Caught signal 15, un-registering and exiting.
Jul 17 23:59:39 alexandros kernel: nfsd: last server has exited
Jul 17 23:59:39 alexandros kernel: nfsd: unexporting all filesystems
Jul 17 23:59:39 alexandros kernel: RPC: failed to contact portmap (errno -5).
Jul 17 23:59:40 alexandros exportfs[5563]: /etc/exports [1]: No 'sync' or 'async' option specified for export "10.0.0.3:/var/ftp". Assuming default behaviour ('sync'). NOTE: this default has changed from previous versions
Jul 17 23:59:40 alexandros rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
Jul 17 23:59:52 alexandros rpc.mountd: mount request from unknown host 10.0.0.1 for /var/ftp (/var/ftp)
......................

Quote:

[root@alexandros debug]# exportfs
/var/ftp alexandros.lan

I haven't found any other nfs log files. Is there something else?

mhallbiai · 07-17-2005, 05:17 PM

i think i may have it. from the output it looks like the server is ip 10.0.0.3 and client is 10.0.0.1
in your original post you indicated

Quote:

/etc/exports on server:
/var/ftp -maproot=0 10.0.0.3(rw)

if this is the case then /etc/exports should have /var/ftp 10.0.0.1(rw,no_root_squash) ... the ip of the client mounting the export

hope this helps

nocturna_gr · 07-18-2005, 07:17 AM

Thanks a lot mhallbiai, that was it!
Sorry for not providing the IP of the server from the beginning. I will be more specific next time.

danxx · 10-27-2006, 02:20 AM

Here's another cause for mount ... failed, reason given by server: Permission denied. I'm giving this for the benefit of others.

For me, it was a problem with /etc/exports:

/backup.local/ 10.0.0.13(rw,root_squash,sync)

/backup.local/ 10.0.0.*(rw,root_squash,sync)

I was trying to export from 10.0.0.15 to 10.0.0.13. Not until I added the first line above with .13 on the server, .15, and typed exportfs -ra did the error stopped. The last line was in error. Wildcards ("*") aren't allowed for IP addresses, only for hostnames (such as *.foo.com), but you can use CADR-type address/length, such as 10.0.0.0/24 in the above example. It's all in the exports(5) man page.

Other solutions were to make sure your hostname was defined (if you used hostnames instead of IPs) and that your nfs client and server ports were open on the client and server, respectively. You may want to disable the firewall during setup and testing until it's working.

lpx · 02-12-2007, 12:07 PM

Hi people,

I can see that i'm not the only one having madness issues with permission denined when mounting.

I'm not using direct NFS. If i use it there is no problem.

I'm using something between called GVFS. GVFS has the ability to change mount a directory which has one owner and convert it to another that has another owner! Basicly is about uid/gid conversion within mounts.

I'll always have permission denieds!!

I have tried everything!!

Can you try to help me out... I'm just desperating:

This is what i have:

This is my filesystem:

Code:

ls -la /sfa/
drwxrwxrwx   3 ul13 ul13 4096 Jan 31 19:30 ul13

Code:

ls -la /exports/home/sfa
drwxrwxrwx  2 sfa  sfa  4096 Feb  5 22:16 ul13

This is my config:

/etc/exports

Code:

/export localhost.localdomain(rw)

Modification to init.d/nfs (to make it listen to port 33333) --- Atention! Altough i'm a gentoo user at home, this project involves the use rocks cluster platform. im just trying to get help in my favorite linux forum!

Code:

daemon rpc.mountd -p 33333 -o 4096 $RPCMOUNTDOPTS

/etc/gvfs/n2_exports_mountd.ul13

Code:

/export/home/sfa/ul13   localhost.localdomain

/etc/gvfs/n2_exports_nfsd.ul13

Code:

/export/home/sfa/ul13 localhost.localdomain(rw,map_static=/etc/gvfs/n2_map.ul13)

/etc/gvfs/n2_map.ul13

Code:

uid 501 600
gid 501 600

script to put GVFS running (pnfsn2_test.sh)

Code:

#!/bin/bash
# pnfsn2.sh

U=$1    # LOGIC USER
N=$2    # NFSD UDP PORT
M=$3    # MOUNTD UDP PORT
S=$4    # SERVER PRIVATE IP WHICH RUNS PNFSN1

# GVFS.mountd
/opt/mc/bin/gvfs.mountd -f /etc/gvfs/n2_exports_mountd.ul$U -V 2 -P $M -O 33333 -t udp -H $S

#GVFS.nfsd
/opt/mc/bin/gvfs.nfsd -f /etc/gvfs/n2_exports_nfsd.ul$U -V 2 -P $N -O 2049 -t udp -H $S

script to make the mount (cnfs.sh)

Code:

#!/bin/bash

O=$1 # LOGIC USER
D=$2 # LOGIC USER IN DESTINY
N=$3 # GVFS.NFSD UDP PORT
M=$4 # GVFS.MOUNTD UDP PORT
S=$5 # SERVER PRIVATE IP

mount -t nfs -o port=$N,mountport=$M,vers=2,mountvers=2,udp $S:/export/home/sfa/ul$O /sfa/ul$D

sh /opt/mc/scripts/pnfsn2_test.sh 13 52611 51611 localhost

sh /opt/mc/scripts/cnfs.sh 13 13 52611 51611 localhost
mount: localhost:/export/home/sfa/ul13 failed, reason given by server: Permission denied

Best regards,

Nuno