LinuxQuestions.org
Old 10-01-2007, 02:25 PM   #1
anvilravine
LQ Newbie
 
Registered: Oct 2007
Location: Midwest USA
Distribution: Fedora, Arch
Posts: 7

Rep: Reputation: 0
Question Mounted NFS share denies access to subdirectories


Hi all, I'm still learning the ins and outs of Linux. Right now I'm having a bit of a problem with NFS. I'm trying to access a media share called "storage" which I have set up on my main machine running Sabayon 3.4.

The NFS share mounts without complaint, but then if I do a directory listing on the mount point, I get this:

Code:
$ ls -l /mnt/storage/
total 0
?--------- ? ? ? ?            ? /mnt/storage/backup
?--------- ? ? ? ?            ? /mnt/storage/dvd
?--------- ? ? ? ?            ? /mnt/storage/linux
?--------- ? ? ? ?            ? /mnt/storage/music
?--------- ? ? ? ?            ? /mnt/storage/recordings
?--------- ? ? ? ?            ? /mnt/storage/video

It can see all the subdirectories (which is where all the actual content is), but trying to ls or cd into any of them returns

Code:
$ ls /mnt/storage/music
ls: /mnt/storage/music: Permission denied

$ cd /mnt/storage/music
bash: cd: /mnt/storage/music: Permission denied

Is this a server/client UID problem? If so, what do I need to do to enable access to this share? My /etc/exports reads:

Code:
/media/storage 192.168.1.0/255.255.255.0(ro)

Which as far as I know should give access to "storage" to everyone on my home network.

/etc/hosts.deny is denying ALL on portmap, lockd, mountd, rquotad, and statd.

/etc/hosts.allow reads ALL:192.168.1.0/255.255.255.0

The server machine is running Sabayon 3.4, and the client in question has Fedora Core 5.

If anyone can shed any light on this, it would be appreciated. And if there's any information I omitted which would be helpful, please let me know and I will provide it.
 
Old 10-01-2007, 06:23 PM   #2
rtspitz
Member
 
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 32
the uid/gid (numerical values!) have to match for client/server

--> use chown to change the uid/gid on the server or client as needed.

Last edited by rtspitz; 10-01-2007 at 06:25 PM.
 
Old 10-02-2007, 09:50 AM   #3
anvilravine
LQ Newbie
 
Registered: Oct 2007
Location: Midwest USA
Distribution: Fedora, Arch
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rtspitz
the uid/gid (numerical values!) have to match for client/server

--> use chown to change the uid/gid on the server or client as needed.

Okay, so in other words, if UID 1000, GID 0 owns the storage share on the server end, then in order to access the share from the client, I need to change the actual UID:GID of the client to 1000:0 (like in /etc/passwd)? Or do I just chown the share on the client end to these numerical values?
 
Old 10-02-2007, 10:19 AM   #4
Gethyn
Member
 
Registered: Aug 2003
Location: UK
Distribution: (X)Ubuntu 10.04/10.10, Debian 5, CentOS 5
Posts: 900

Rep: Reputation: 32
There are a number of ways of dealing with this problem. The simplest, though possibly inconvenient, way is to make sure that all computers have matching uids and gids. It's also possible to use uid mapping though, through the use of ugidd, some kind of static map, or LDAP. You can read a bit more about these methods here.
 
Old 10-02-2007, 10:29 AM   #5
anvilravine
LQ Newbie
 
Registered: Oct 2007
Location: Midwest USA
Distribution: Fedora, Arch
Posts: 7

Original Poster
Rep: Reputation: 0
All right, so I used usermod -u to change the UID/GID of the main user on the client to 1000:0 (to match the owner of the share on the server). Nothing seems to have changed.

EDIT: Also tried using the map_daemon option in my /etc/exports file as per your link Gethyn, which also doesn't seem to have changed anything. Do I need to be setting up the daemon elsewhere so that ugidd will work?

Last edited by anvilravine; 10-02-2007 at 10:38 AM.
 
Old 10-02-2007, 11:12 AM   #6
rtspitz
Member
 
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 32
you cannot (and should not) change the share from the client, as it is set read-only on the server.
basically you need to make sure that users on your client have numerical user-ids that match the ones on your server. that is text names like 'users' don't matter!

example dir on the server ('ls -n'):

drwxrwxr-x 40 1000 100 4096 2007-10-02 17:02 my-home-dir

this folder is owned by some user with user-id: 1000 and group-id: 100


for users on the client machine to get access they need to be in a group on the client with a numerical id of 1000. those numbers can be set during group/user creation. this also poses some security issue, as anybody with root access on some nfs client can switch those numbers as desired - and gain root access to that share !

that's why you should always use something like this:

/media/storage 192.168.1.0/255.255.255.0(ro,root_squash)

oops. a bit late :-)

are all daemons running ? portmap ?

Last edited by rtspitz; 10-02-2007 at 11:26 AM.
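
An added example, not part of the thread: a small audit of exports(5) lines for the squash option discussed above and for entries that end up exported to any host. The function names and the `/srv/...` sample lines are constructed for illustration; only the `/media/storage` line is modelled on the export shown in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Flags risky entries in exports(5) text.

# Constructed sample input; the first line mirrors the export quoted above.
sample_exports() {
    cat <<'EOF'
# constructed sample
/media/storage 192.168.1.0/255.255.255.0(ro,root_squash)
/srv/a 192.168.1.0/255.255.255.0 (rw)
/srv/b 10.0.0.5(rw,no_root_squash)
EOF
}

# Read exports-format lines on stdin; print "path client finding" per issue.
audit_exports() {
    awk '
    /^[ \t]*#/ { next }              # comment line
    NF == 0    { next }              # blank line
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {             # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # A bare "(opts)" field, e.g. after a stray space, applies to any host.
            if (client == "") client = "*"
            nosquash = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] == "no_root_squash") nosquash = 1
            # Root squashing stays on unless no_root_squash is given.
            if (nosquash)      print path, client, "no_root_squash"
            if (client == "*") print path, client, "any-host"
        }
    }'
}

sample_exports | audit_exports
```

On a server, the same function can be fed the live file with `audit_exports < /etc/exports`.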
 
Old 10-02-2007, 02:32 PM   #7
anvilravine
LQ Newbie
 
Registered: Oct 2007
Location: Midwest USA
Distribution: Fedora, Arch
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rtspitz
are all daemons running ? portmap ?

rpcinfo returns that portmapper and nfs processes are running on both machines. Should I be looking for something specific to make sure "map_daemon" is running?

The share on the server (which is owned by user "luke"):

Code:
$ cat /etc/passwd | grep luke
luke:x:1000:0:Luke,,,:/home/luke:/bin/bash

$ ls -n /media/storage
total 40
drwxrwxr--  3 1000 0  4096 2007-09-11 02:57 backup
drwxrwxr--  9 1000 0  4096 2007-09-29 10:25 dvd
drwxrwxr--  9 1000 0  4096 2007-07-05 09:05 linux
drwxrwxr--  6 1000 0  4096 2007-09-26 09:04 music
drwxrwxr-- 15 1000 0 12288 2007-09-26 09:16 recordings
drwxrwxr--  5 1000 0 12288 2007-09-28 06:48 video

The mount directory on the client (being accessed by user "jukebox"):

Code:
$ cat /etc/passwd | grep jukebox
jukebox:x:1000:0::/home/jukebox:/bin/bash

$ ls -n /mnt/
total 4
drwxrwxr-- 8 1000 0 4096 Sep 26 04:30 storage

$ ls -n /mnt/storage
total 0
?--------- ? ? ? ?            ? /mnt/luke/storage/backup
?--------- ? ? ? ?            ? /mnt/luke/storage/dvd
?--------- ? ? ? ?            ? /mnt/luke/storage/linux
?--------- ? ? ? ?            ? /mnt/luke/storage/music
?--------- ? ? ? ?            ? /mnt/luke/storage/recordings
?--------- ? ? ? ?            ? /mnt/luke/storage/video

As you can see, the UID/GIDs now match, yet I still can't read the storage share from the client machine.
 
Old 10-04-2007, 12:10 AM   #8
anvilravine
LQ Newbie
 
Registered: Oct 2007
Location: Midwest USA
Distribution: Fedora, Arch
Posts: 7

Original Poster
Rep: Reputation: 0
Figured it out.

The permissions on the /storage directory were set incorrectly. I did a chmod -r 755 and now everything works just fine.

Thank you all for your help!
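
An added example, not part of the thread: the `ls -n` output in post #7 shows the directories as `drwxrwxr--`, which gives "other" read but not search (x) permission on a directory. A non-owner can then list the names but not stat or enter them, which is one way to get the `?---------` listing. The script below finds such directories and adds only the missing search bit; the temporary tree and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Works on a constructed temp tree.

# Build a sample tree with the same directory mode as in post #7 (774).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/storage/music" "$root/storage/video"
    : > "$root/storage/music/track.ogg"
    chmod 664 "$root/storage/music/track.ogg"
    chmod 774 "$root/storage/music" "$root/storage/video" "$root/storage"
    printf '%s\n' "$root"
}

# List directories under $1 where "other" has read (4) but not search (1).
find_read_without_search() {
    find "$1" -type d -perm -004 ! -perm -001 -print | sort
}

# Add the search bit for "other" on exactly those directories.
# Regular files are left alone, so data files do not become executable.
fix_read_without_search() {
    find "$1" -type d -perm -004 ! -perm -001 -exec chmod o+x {} +
}

demo=$(make_sample_tree)
echo "before:"; find_read_without_search "$demo"
fix_read_without_search "$demo"
echo "after:";  find_read_without_search "$demo"
rm -rf "$demo"
```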
 
  



Tags
client, nfs, server, subdirectories


All times are GMT -5.