Unable to chown

niiiro · 07-04-2012, 09:07 AM

Guys,

I have a small network, running with RHEL 5 servers, all configured to work with NIS and NFS sharing.

Anyway, under NFS directories, one user, cannot chown his own files. while at local directories - it works fine.

I even tried to do it through root account - doesn't work neither.

What could be the reasons for that?

Code:

[MPH40100@lx105 ~]$ pwd
/projects/MPH40100

Code:

mp-filer01:/vol/vol2/projects on /projects type nfs (rw,addr=172.29.1.200)

Code:

[MPH40100@lx105 ~]$ ls -l
-rwxrwxrwx  1 MPH40100 test    0 Jul  4 13:43 hello

Code:

[MPH40100@lx105 ~]$ chown eyall:test hello
chown: changing ownership of `hello': Operation not permitted

Code:

[Administrator@lx105 MPH40100]# chown eyall:test hello
chown: changing ownership of `hello': Operation not permitted

Thanks.

jschiwal · 07-04-2012, 09:43 AM

Only root can change the owner of a file. Changing the group is OK if the user/owner is a member of the new group.

Could you post the properties of the containing directory and the entry for the mount in /etc/mtab?

niiiro · 07-04-2012, 10:08 AM

Quote:

Originally Posted by jschiwal

Only root can change the owner of a file. Changing the group is OK if the user/owner is a member of the new group.

Could you post the properties of the containing directory and the entry for the mount in /etc/mtab?

Thanks for your reply jschiwal.

As I mentioned(and posted), even root cannot chown the file. in addition, the user 'MPH40100' is a member of the 'test' group.

/etc/mtab

Code:

mp-filer01:/vol/vol2/projects /projects nfs rw,addr=172.29.1.200 0 0

suicidaleggroll · 07-04-2012, 10:14 AM

Quote:

Originally Posted by niiiro

Thanks for your reply jschiwal.

As I mentioned(and posted), even root cannot chown the file.

root on machine B doesn't have the same permissions as root on machine A when working on machine A's files through NFS. As far as machine A (the machine actually hosting the files) is concerned, root on machine B is just another regular user with regular permissions.

Make sure your user has the same UID on both machines, the groups have the same GID on both machines, and the user is a member of the same groups on both machines.

vikas027 · 07-05-2012, 09:21 AM

By default NFS maps all requests to the anonymous uid/gid i.e. nfsnobody.

You need to use "no_root_squash" option as given here though not recommended.

Hope this helps.

jschiwal · 07-06-2012, 01:41 AM

Also check the permissions on the parent directory. I'm not sure, but if the sticky bit is set, that might prevent changing ownership, but I doubt that would be the case for root. I'm on a tablet now and can't experiment myself now. I didn't see if root squash was the default. The setting should probably be made explicit in the exports file.

niiiro · 07-08-2012, 09:59 AM

I'm loosing it!!! this is so annoying...

A little comparison I made:

Machine A

Code:

[root@lx105 MPH40100]# getent group | wc -l
117

Code:

[root@lx105 MPH40100]# ls -l hello*
-rwxrwxrwx 1 root users 0 Jul  8 16:57 hello
-rw-r--r-- 1 root users 0 Jul  8 17:00 hello2
-rw-r--r-- 1 root users 0 Jul  8 17:04 hello3
-rw-r--r-- 1 root root  0 Jul  8 17:11 hello4

Code:

[root@lx105 MPH40100]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),105(pkcs11)

Code:

[root@lx105 MPH40100]# chown root:users hello2
chown: changing ownership of `hello2': Operation not permitted

Machine B

Code:

[root@mp-nis01 MPH40100]# getent group | wc -l
117

Code:

[root@mp-nis01 MPH40100]# ls -l hello*
-rwxrwxrwx 1 root users 0 Jul  8 16:57 hello
-rw-r--r-- 1 root users 0 Jul  8 17:00 hello2
-rw-r--r-- 1 root users 0 Jul  8 17:04 hello3
-rw-r--r-- 1 root root  0 Jul  8 17:11 hello4

Code:

[root@mp-nis01 MPH40100]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),105(pkcs11)

Code:

[root@mp-nis01 MPH40100]# chown root:users hello2                                                                           
[root@mp-nis01 MPH40100]#

I can't figure out why on Machine A it doesn't work while on B it does.

Thanks everyone for the help!

niiiro · 07-08-2012, 10:01 AM

Quote:

Originally Posted by jschiwal

Also check the permissions on the parent directory. I'm not sure, but if the sticky bit is set, that might prevent changing ownership, but I doubt that would be the case for root. I'm on a tablet now and can't experiment myself now. I didn't see if root squash was the default. The setting should probably be made explicit in the exports file.

No sticky bit or whatsoever was set on parent directory.

niiiro · 07-08-2012, 10:03 AM

Quote:

Originally Posted by vikas027

By default NFS maps all requests to the anonymous uid/gid i.e. nfsnobody.

You need to use "no_root_squash" option as given here though not recommended.

Hope this helps.

no_root_squash option was set through the filer(NetApp)

vikas027 · 07-10-2012, 05:09 AM

Quote:

Originally Posted by niiiro

no_root_squash option was set through the filer(NetApp)

Can you post output of below.

Quote:

showmount -e IP of NetApp Filer
cat /etc/mtab

If you do not find "no_root_squash" option in /etc/mtab, try remounting it as below and try your luck.

Code:

mount -o remount,no_root_squash /mount/point

niiiro · 07-16-2012, 01:56 AM

Quote:

Originally Posted by vikas027

Can you post output of below.

If you do not find "no_root_squash" option in /etc/mtab, try remounting it as below and try your luck.

Code:

mount -o remount,no_root_squash /mount/point

Thanks for your reply vikas.

showmount -e mp-filer01

Code:

Export list for mp-filer01:
/vol/vol2s/home/stephz        (everyone)
/vol/vol2k/home/kobir         (everyone)
/vol/vol2y/home/yulia         (everyone)
/vol/vol2e/home/eyalc         (everyone)
/vol/vol2l/home/layout1       (everyone)
/vol/vol2l/home/layout2       (everyone)
/vol/vol2e/home/eyall         (everyone)
/vol/vol2l/home/layout3       (everyone)
/vol/vol2e/home/evgeny        (everyone)
/vol/vol2y/home/yanirl        (everyone)
/vol/vol2c/home/chen          (everyone)
/vol/vol2j/home/johanaa       (everyone)
/vol/vol2r/home/roik          (everyone)
/vol/vol2i/home/ident         (everyone)
/vol/vol2s/home/shlomis       (everyone)
/vol/vol2s/home/slavisaf      (everyone)
/vol/vol2/tools               (everyone)
/vol/vol2k/test_qtree         (everyone)
/vol/vol2/projects            172.29.0.0/16
/vol/vol2t/home/test          (everyone)
/vol/vol2s/home/saarb         (everyone)
/vol/vol2/opt                 (everyone)
/vol/vol2o/home/omera         (everyone)
/vol/vol2a                    (everyone)
/vol/vol2b                    (everyone)
/vol/vol2c                    (everyone)
/vol/vol2d                    (everyone)
/vol/vol2e                    (everyone)
/vol/vol2e/home/eugene        (everyone)
/vol/vol2m/home/MPH40100      (everyone)
/vol/vol2f                    (everyone)
/vol/vol2/public              (everyone)
/vol/vol2g                    (everyone)
/vol/vol2h                    (everyone)
/vol/vol2i                    (everyone)
/vol/vol2a/home/arikc         (everyone)
/vol/vol2j                    (everyone)
/vol/vol2proj                 (everyone)
/vol/vol2k                    (everyone)
/vol/vol2l                    (everyone)
/vol/vol2u/home/udi           (everyone)
/vol/vol2m                    (everyone)
/vol/vol2rep/rep              (everyone)
/vol/vol2n                    (everyone)
/vol/vol2o                    (everyone)
/vol/vol2p                    (everyone)
/vol/vol2q                    (everyone)
/vol/vol2/www                 (everyone)
/vol/vol2r                    (everyone)
/vol/vol2s                    (everyone)
/vol/vol2t                    (everyone)
/vol/vol2u                    (everyone)
/vol/vol2v                    (everyone)
/vol/vol2o/home/omri          (everyone)
/vol/vol2w                    (everyone)
/vol/vol2x                    (everyone)
/vol/vol2v/home/victork       (everyone)
/vol/vol2y                    (everyone)
/vol/vol2z                    (everyone)
/vol/vol2d/home/djordjet      (everyone)
/vol/vol0                     (everyone)
/vol/vol1                     (everyone)
/vol/vol2                     (everyone)
/vol/vol4                     172.29.9.5,172.29.1.200
/vol/vol2r/home/ronenw        (everyone)
/vol/vol4/VM                  (everyone)
/vol/vol2s/home/svetap        (everyone)
/vol/vol2t/home/temp          (everyone)
/vol/vol2s/home/shimons       (everyone)
/vol/vol2m/home/michaelb      (everyone)
/vol/vol2/mysql               (everyone)
/vol/vol2c/home/cad           (everyone)
/vol/vol2y/home/yonatanb      (everyone)
/vol/vol2n/home/nirs          (everyone)
/vol/vol2i/home/it            (everyone)
/vol/vol2a/home/amirk         (everyone)
/vol/vol2y/home/yossir        (everyone)
/vol/vol2v/home/vladimirk     (everyone)
/vol/vol2proj/proj            (everyone)
/vol/vol2o/home/omer          (everyone)
/vol/vol2v/home/vlsilib_admin (everyone)
/vol/vol2a/home/avic          (everyone)
/vol/vol2a/home/andrei        (everyone)
/vol/vol2a/home/assiz         (everyone)
/vol/vol2a/home/alonm         (everyone)
/vol/vol2rep                  (everyone)
/vol/vol2g/home/gilad         (everyone)
/vol/vol2g/home/gregoryv      (everyone)
/vol/vol2y/home/yaron         (everyone)
/vol/vol2a/home/alon          (everyone)

cat /etc/mtab

Code:

/dev/sda2 / ext3 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/sda5 /local_disk ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
mp-filer01:/vol/vol2/public /public nfs rw,addr=172.29.1.200 0 0
mp-filer01:/vol/vol2/opt /opt nfs rw,addr=172.29.1.200 0 0
mp-filer01:/vol/vol2/tools /tools nfs rw,addr=172.29.1.200 0 0
mp-filer01:/vol/vol2/projects /projects nfs rw,addr=172.29.1.200 0 0
mp-filer01:/vol/vol2proj/proj /proj nfs rw,addr=172.29.1.200 0 0
mp-filer01:/vol/vol2rep/rep /rep nfs rw,addr=172.29.1.200 0 0
nfsd /proc/fs/nfsd nfsd rw 0 0
172.29.1.200:/vol/vol2y/home/yaron /home/yaronb nfs rw,addr=172.29.1.200 0 0
172.29.1.200:/vol/vol2v/home/victork /home/victork nfs rw,addr=172.29.1.200 0 0

mount -o remount,no_root_squash mp-filer01:/vol/vol2/projects

Code:

[root@lx103 ~]# mount -o remount,no_root_squash mp-filer01:/vol/vol2/projects
Unsupported nfs mount option: no_root_squash

vikas027 · 07-17-2012, 03:05 PM

Quote:

Originally Posted by niiiro

Thanks for your reply vikas.
mount -o remount,no_root_squash mp-filer01:/vol/vol2/projects

Code:

[root@lx103 ~]# mount -o remount,no_root_squash mp-filer01:/vol/vol2/projects
Unsupported nfs mount option: no_root_squash

Try this (as per your scenario) and paste output of grep projects /etc/mtab

Code:

mount -o remount,no_root_squash /projects

niiiro · 07-17-2012, 11:10 PM

Quote:

Originally Posted by vikas027

Try this (as per your scenario) and paste output of grep projects /etc/mtab

Code:

mount -o remount,no_root_squash /projects

[root@lx103 ~]# mount -o remount,no_root_squash /projects
Unsupported nfs mount option: no_root_squash

Code:

[root@lx103 ~]# grep projects /etc/mtab
mp-filer01:/vol/vol2/projects /projects nfs rw,addr=172.29.1.200 0 0

Thanks!

jschiwal · 07-17-2012, 11:34 PM

According to my man pages, no_root_squash isn't one of the mount options for mount.nfs. You need it in the /etc/exports file.

vikas027 · 07-18-2012, 12:40 AM

Quote:

Originally Posted by jschiwal

According to my man pages, no_root_squash isn't one of the mount options for mount.nfs. You need it in the /etc/exports file.

Hi jschiwal,

Yes it is not there, but we can explicitly define it at the client end (obviously /etc/exports should also have it). I have tried it.

In this case, the NFS exports are from NetApp Filer. I am not sure, how we can check the exports options there, thus I had asked OP to give it a try to remount the NFS mount point with no_root_squash option. Thanks.