LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-29-2005, 10:39 AM   #1
Phaethar
Member
 
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Rep: Reputation: 30
Question NFS and permission trouble


Hey all,

Running into a bit of a weird problem with a Linux file server and an NFS share. The file server has a handful of other Linux systems mapped to it using NFS, and things work great for the most part. As each Linux system connecting to the file server is a production processing system, the share for each is set up the same way and maps them all to the same user/group combo. That all works great, but now there is 1 folder that is pretty locked down needs to be accessible by the other processing systems, but no matter what I've done so far, the folder is always unreadable and kicks back a 'permission denied' when even trying to change to that folder.

Current setup on the file server exports file looks like this for each processing system (substitute the appropriate IP of course):

Code:
/Vol1                    192.168.8.85(rw,sync,all_squash,anonuid=504,anongid=504)
As the file server is running FC2, this file was generated by using the NFS configuration utility.

The folder I'm trying to access is directly under /Vol1, which I can connect to just fine. User 504 on the server is not the owner of the folder, but belongs to the group that's assigned to it, so therefore has full access to it. Permissions on the folder are set to 770 to allow only the owner and group members access.

So, I guess I'm a bit confused as to why, if the user that is being assigned to all systems mounting via NFS are being assigned to user 504, and user 504 has full access to the folder, I'm not able to even view the folder at all from a client system.

I'm sure this is an issue on the file server itself, but I don't know what more to try (short of setting the permissions higher than 770, which I can't do).

Anyone have any ideas? Sorry if I left out any info.. let me know and I'll supply whatever else might be needed.
 
Old 08-29-2005, 06:06 PM   #2
Walman
Member
 
Registered: Jun 2004
Location: Venezuela
Distribution: RHEL ,Centos,Debian,Slax , Solaris
Posts: 94

Rep: Reputation: 15
Hi

Stupid questions

1.- Has the user 504 machine NFS service enable ??

2.- Have you created for user machine mount points for /Vol1 ??

3.- Is the entry on the fstab ??
 
Old 08-30-2005, 07:20 AM   #3
Phaethar
Member
 
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Original Poster
Rep: Reputation: 30
Hi, thanks for the response. I'll try to answer your questions here:

1. NFS is enabled and is working for many machines. All of my production systems use user 504 when mapping to the file server as I need them to all have the same writes.

2. Yes, mount points are set up on all client systems. As I'd mentioned. NFS is working for all of them currently, just not for this folder.

3. Fstab entries are in place and working for all client systems. For testing, I've also been mounting it manually and unmounting, just to see if any changes I make work.

So, again, the user 504 on the server belongs to the group that has full access to this folder. User 504 is what all systems are set to when connecting via NFS, but when that happens nobody can access said folder. For some reason those group permissions for the user are not getting passed through NFS, and I'm hoping there is a way around that. The server is running Fedora Core 2.

Thanks!
 
Old 08-30-2005, 10:13 AM   #4
pistachio
LQ Newbie
 
Registered: Jul 2005
Location: Barcelona, Spain
Distribution: Slackware 10.1
Posts: 18

Rep: Reputation: 0
Why "all_squash" + anonymous identity for a well known user?

Try to suppress "all_squash" and rename "uanonuid" and "uanongid" to simply "uid" and "gid".
 
Old 08-30-2005, 10:44 AM   #5
Phaethar
Member
 
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Original Poster
Rep: Reputation: 30
I'm using "all_squash" + anonymous because I wanted to force all these processing systems to connect as the same user. Helps solve a lot of potential permissions issues because they all need to access the same things and have the same rights. According to the man pages I've read, using "all_squash" + anonuid and anongid was the way to do this. The user on the server (504) does not exist on the other systems for security reasons (can't have the same user/pw set up on multiple systems).

So, seeing as how the this is set up, wouldn't removing the "all_squash" line just cause problems? Also, would there be any difference really by changing 'anonuid' and 'anongid' to just 'uid' and 'gid'?
 
Old 09-02-2005, 09:20 AM   #6
Phaethar
Member
 
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Original Poster
Rep: Reputation: 30
Wanted to bump this before the weekend...

Still trying to figure out why, if the user has full access to a folder because the user belongs to the group the folder is assigned to, then why is it that users connecting to the system through NFS and are treated as the same user cannot access the folder? Is this is limitation of NFS, or could I be doing something wrong?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NFS Permission Problem tulip4heaven Linux - Networking 5 03-04-2005 02:09 AM
nfs 'permission denied' friendly_guy Slackware 7 01-02-2005 07:24 PM
NFS Permission Trouble tscman Linux - Networking 0 11-24-2004 07:40 AM
NFS - Permission Denied... 15788 Linux - Networking 9 04-06-2003 09:43 AM
Permission Denied NFS graystarr Linux - Networking 9 07-08-2002 05:06 PM


All times are GMT -5. The time now is 02:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration