LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Many questions NFS (https://www.linuxquestions.org/questions/linux-newbie-8/many-questions-nfs-4175455609/)

thirstonlinux 03-26-2013 12:45 AM
Many questions NFS
 
Q1. I tried to configure NFS on client and server and had the following issue.

In Server config file /etc/exports

/var/log client1(rw)

In the client I mounted the file system

#mount -t nfs server:/var/log /mnt

when I try to view the files I am able to view them and read the contents of the file.

When I try to make any changes in the existing file, or create a new file, or delete a existing file, I am getting an error message saying "Only root can do that" or something like "Permission Denied"

Let me know what is wrong here. I mounted the NFS from client as root and accessing the files as a normal user.

anotherlinuxuser 03-26-2013 01:45 AM
You don't mention the Linux distro you're using, so I cannot say for sure, but most distros set the permissions for /var/log and its contents to the owner and group of root:root. Some files and dirs within /var/log are owned by special users. Like 'cups' for the print scheduler logs, etc, but most, if not all, files cannot be modified by regular users. This is basic security so a non-root user cannot delete/modify lines in log files in an attempt to hide bad behaviour.

Also, many files within /var/log are in a opened state by the running process(es) (OS services) that are writing to them, again, like cups, the print scheduler, holds its log files open, so it can write to them quicker. Modifying a log file that is open by a process can cause problems for the process because it may decide its log file is being tampered with.

Attempting to change the permissions on files in /var/log is a bad idea because processes will either not be able, or will refuse, to write to log files with incorrect permissions.

Unless there are good reasons to have the file you want to modify in /var/log, I suggest creating a directory somewhere else in the file system, and share out that directory. You can set the owner of that directory and its contents to the user that will access the files, and NFS will work for you. Keep in mind that the 'user' must have the same uid on both the client and server. In other words, make sure the entries in /etc/passwd on both systems have the same number in field 3 for your user.

Otherwise, to modify files in /var/log, you will need to add to the line in /etc/exports:
/var/log client1(rw,no_root_squash)
and access files from the client as 'root', but I really cannot recommend this.

Skaperen 03-26-2013 01:47 AM
You want to disable the "root_squash" option (maps uid 0 to user nobody). Do this in your /etc/exports file:
Code:
/var/log client1(rw,no_root_squash)
You now have a security hole and need to make sure you restrict access by IP or host, and make sure no one who is untrusted can run on that LAN.

thirstonlinux 03-26-2013 05:07 AM
Here is the thing I mounted the /Some/Directoy.
Now I am facing the same issue.

thirstonlinux 03-26-2013 05:32 AM
What are the daemons nfs will start


All times are GMT -5. The time now is 12:01 AM.