LinuxQuestions.org
Old 08-01-2012, 05:01 AM   #1
joachimjacob
LQ Newbie
 
Registered: Jan 2009
Location: Belgium, Ghent
Distribution: Ubuntu Precise, Red Hat, CentOS
Posts: 8

Rep: Reputation: 0
NFS mounts always as user nobody on Centos


Hi,


I want to use an NFS exported directory on a server aimed for FTP file upload. For this, the mounted NFS directory needs to have the same user/group as indicated in the FTP settings. However, the NFS share only mounts as user 'nobody', but I need user 'galaxy'.

The FTP server is a virtual machine, running CentOS release 6.2 (Final).
The NFS server is the host of the virtual machine, running Red Hat Enterprise Linux Server release 6.3 (Santiago).

NFS is version 4 on both.

On the NFS server

The user:
Code:
#id galaxy
uid=600(galaxy) gid=601(galaxy) groups=601(galaxy)
The export settings:
Code:
# cat /etc/exports
...
/mnt/galdb-bitsprod/database 192.168.x.x(rw,all_squash,anonuid=600,anongid=601)
...
The exported directory permissions:
Code:
# ll -d /mnt/galdb-bitsprod/database/
drwxrwxr-x 10 galaxy galaxy 4096 Jul 13 10:50 /mnt/galdb-bitsprod/database/
NFS is running:
Code:
# service nfs status
rpc.svcgssd is stopped
rpc.mountd (pid 16318) is running...
nfsd (pid 16383 16382 16381 16380 16379 16378 16377 16376) is running...
rpc.rquotad (pid 16314) is running...
Code:
# service rpcidmapd status
rpc.idmapd (pid 16369) is running...

On the FTP server

The user:
Code:
# id galaxy
uid=600(galaxy) gid=601(galaxy) groups=601(galaxy)
Somebody said this service needs to be running (to map ids?):
Code:
# service rpcidmapd status
rpc.idmapd (pid 1932) is running...
NFS exported directory is visible:
Code:
# showmount -e nfsserver
/mnt/galdb-bitsprod/database 192.168.x.x
NFS exported directory entry in fstab:
Code:
# cat /etc/fstab
# Galaxy Database
192.168.x.x:/mnt/galdb-bitsprod/database	/mnt/galaxydb	nfs rw,exec,auto	0 0
Permissions after mounting the directory:
Code:
#mount /mnt/galaxydb
#ll -d /mnt/galaxydb
drwxrwxr-x 10 nobody nobody 4096 Jul 13 10:50 /mnt/galaxydb/
Small note: the folder on the FTP server to which I mount, belongs to user and group 'galaxy'. The problem hence: after mounting the folder is from user nobody, and it needs to be 'galaxy'.

What I have tried:
- google :-) (actually, most of what I have already comes from this)
- changed a bit the mount options in fstab: user, and users (but these are only setting the permissions of who can mount)

Very often, the solution pops up in my head after writing so much down... Not this time unfortunately. Looking for some assistance here.

Cheers!
Joachim
 
Old 08-01-2012, 05:24 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
That is what the all_squash export option does.

Oh, I missed the anonuid options.

Could you post your /etc/idmap.conf file?

Last edited by jschiwal; 08-01-2012 at 05:53 AM.
 
Old 08-01-2012, 06:28 AM   #3
joachimjacob
LQ Newbie
 
Registered: Jan 2009
Location: Belgium, Ghent
Distribution: Ubuntu Precise, Red Hat, CentOS
Posts: 8

Original Poster
Rep: Reputation: 0
On the NFS server:

Code:
# cat /etc/idmapd.conf 
[General]
#Verbosity = 0
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
#Domain = local.domain.edu

# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
# be the same user as <user>@REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms = 

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

[Translation]

# Translation Method is an comma-separated, ordered list of
# translation methods that can be used.  Distributed methods
# include "nsswitch", "umich_ldap", and "static".  Each method
# is a dynamically loadable plugin library.
# New methods may be defined and inserted in the list.
# The default is "nsswitch".
Method = nsswitch

# Optional.  This is a comma-separated, ordered list of
# translation methods to be used for translating GSS
# authenticated names to ids.
# If this option is omitted, the same methods as those
# specified in "Method" are used.
#GSS-Methods = <alternate method list for translating GSS names>
 
#-------------------------------------------------------------------#
# The following are used only for the "static" Translation Method.
#-------------------------------------------------------------------#
#[Static]

# A "static" list of GSS-Authenticated names to
# local user name mappings

#someuser@REALM = localuser


#-------------------------------------------------------------------#
# The following are used only for the "umich_ldap" Translation Method.
#-------------------------------------------------------------------#

#[UMICH_SCHEMA]

# server information (REQUIRED)
#LDAP_server = ldap-server.local.domain.edu

# the default search base (REQUIRED)
#LDAP_base = dc=local,dc=domain,dc=edu

#-----------------------------------------------------------#
# The remaining options have defaults (as shown)
# and are therefore not required.
#-----------------------------------------------------------#

# whether or not to perform canonicalization on the
# name given as LDAP_server
#LDAP_canonicalize_name = true

# absolute search base for (people) accounts
#LDAP_people_base = <LDAP_base>

# absolute search base for groups
#LDAP_group_base = <LDAP_base>

# Set to true to enable SSL - anything else is not enabled
#LDAP_use_ssl = false

# You must specify a CA certificate location if you enable SSL
#LDAP_ca_cert = /etc/ldapca.cert

# Objectclass mapping information

# Mapping for the person (account) object class
#NFSv4_person_objectclass = NFSv4RemotePerson

# Mapping for the nfsv4name attribute the person object
#NFSv4_name_attr = NFSv4Name

# Mapping for the UID number
#NFSv4_uid_attr = UIDNumber

# Mapping for the GSSAPI Principal name
#GSS_principal_attr = GSSAuthName

# Mapping for the account name attribute (usually uid)
# The value for this attribute must match the value of 
# the group member attribute - NFSv4_member_attr
#NFSv4_acctname_attr = uid

# Mapping for the group object class
#NFSv4_group_objectclass = NFSv4RemoteGroup

# Mapping for the GID attribute
#NFSv4_gid_attr = GIDNumber

# Mapping for the Group NFSv4 name
#NFSv4_group_attr = NFSv4Name

# Mapping for the Group member attribute (usually memberUID)
# The value of this attribute must match the value of NFSv4_acctname_attr
#NFSv4_member_attr = memberUID
On the FTP server that has mounted the nfs share:
Code:
# cat /etc/idmapd.conf 
[General]
#Verbosity = 0
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
#Domain = local.domain.edu

# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
# be the same user as <user>@REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms = 

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

[Translation]

# Translation Method is an comma-separated, ordered list of
# translation methods that can be used.  Distributed methods
# include "nsswitch", "umich_ldap", and "static".  Each method
# is a dynamically loadable plugin library.
# New methods may be defined and inserted in the list.
# The default is "nsswitch".
Method = nsswitch

# Optional.  This is a comma-separated, ordered list of
# translation methods to be used for translating GSS
# authenticated names to ids.
# If this option is omitted, the same methods as those
# specified in "Method" are used.
#GSS-Methods = <alternate method list for translating GSS names>
 
#-------------------------------------------------------------------#
# The following are used only for the "static" Translation Method.
#-------------------------------------------------------------------#
#[Static]

# A "static" list of GSS-Authenticated names to
# local user name mappings

#someuser@REALM = localuser


#-------------------------------------------------------------------#
# The following are used only for the "umich_ldap" Translation Method.
#-------------------------------------------------------------------#

#[UMICH_SCHEMA]

# server information (REQUIRED)
#LDAP_server = ldap-server.local.domain.edu

# the default search base (REQUIRED)
#LDAP_base = dc=local,dc=domain,dc=edu

#-----------------------------------------------------------#
# The remaining options have defaults (as shown)
# and are therefore not required.
#-----------------------------------------------------------#

# whether or not to perform canonicalization on the
# name given as LDAP_server
#LDAP_canonicalize_name = true

# absolute search base for (people) accounts
#LDAP_people_base = <LDAP_base>

# absolute search base for groups
#LDAP_group_base = <LDAP_base>

# Set to true to enable SSL - anything else is not enabled
#LDAP_use_ssl = false

# You must specify a CA certificate location if you enable SSL
#LDAP_ca_cert = /etc/ldapca.cert

# Objectclass mapping information

# Mapping for the person (account) object class
#NFSv4_person_objectclass = NFSv4RemotePerson

# Mapping for the nfsv4name attribute the person object
#NFSv4_name_attr = NFSv4Name

# Mapping for the UID number
#NFSv4_uid_attr = UIDNumber

# Mapping for the GSSAPI Principal name
#GSS_principal_attr = GSSAuthName

# Mapping for the account name attribute (usually uid)
# The value for this attribute must match the value of 
# the group member attribute - NFSv4_member_attr
#NFSv4_acctname_attr = uid

# Mapping for the group object class
#NFSv4_group_objectclass = NFSv4RemoteGroup

# Mapping for the GID attribute
#NFSv4_gid_attr = GIDNumber

# Mapping for the Group NFSv4 name
#NFSv4_group_attr = NFSv4Name

# Mapping for the Group member attribute (usually memberUID)
# The value of this attribute must match the value of NFSv4_acctname_attr
#NFSv4_member_attr = memberUID
Note, I did not change anything in here yet.
 
Old 08-01-2012, 06:45 AM   #4
joachimjacob
LQ Newbie
 
Registered: Jan 2009
Location: Belgium, Ghent
Distribution: Ubuntu Precise, Red Hat, CentOS
Posts: 8

Original Poster
Rep: Reputation: 0
Ok, thanks for the hint to /etc/idmapd.conf.

I have changed this line on both the NFS server and the mounting server:
Code:
[Mapping]

Nobody-User = nobody
Nobody-Group = nobody
to

Code:
[Mapping]

Nobody-User = galaxy
Nobody-Group = galaxy
Next,
Code:
# service rpcidmapd restart
Stopping RPC idmapd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Am I doing the right thing here? If I understand correctly, all users mounting NFS will be given the galaxy user. This is a normal user. How would I be able to set this more granularly?
 
Old 08-02-2012, 06:53 AM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
I was going to suggest changing the line:
#Domain = local.domain.edu
to
Domain=localdomain

It is how mine is. The idmapd.conf manpage states:
Quote:
[Mapping] section variables
Nobody-User
Local user name to be used when a mapping cannot be completed.

Nobody-Group
Local group name to be used when a mapping cannot be completed.
A blog I read stated that an error in the domain name will cause mapping to fail. Your solution might work indirectly. I had the same idea you had, but couldn't back it up with any examples. They all keep the default Nobody-User, or use nfsuser instead which has the same UID.
 
Old 08-03-2012, 04:34 AM   #6
joachimjacob
LQ Newbie
 
Registered: Jan 2009
Location: Belgium, Ghent
Distribution: Ubuntu Precise, Red Hat, CentOS
Posts: 8

Original Poster
Rep: Reputation: 0
Solved

An awful lot of thanks! This made it! Now I feel more comfortable digging into the man pages ;-)

So, in my cookbook, the main ingredients for success with NFS:
1. make sure ids on host and client are identical
2. make sure the domain names are correctly set
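
The two cookbook items above as a scripted check (an added example, not part of the original thread). The function names `idmap_get`, `id_pair`, `check_domains` and `demo`, and the sample files, are constructed for illustration; the sample values are modelled on the configuration quoted in the posts.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the two cookbook items.

# Effective value of KEY in an idmapd.conf-style file. Commented-out lines
# do not match; if the key appears more than once the last one is printed.
idmap_get() {  # usage: idmap_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Item 1: numeric uid and gid taken from one line of `id` output.
id_pair() {  # usage: id_pair 'uid=600(galaxy) gid=601(galaxy) ...'
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9]*\)[^ ]* gid=\([0-9]*\).*/\1:\2/p'
}

# Item 2: both hosts must end up with the same NFSv4 domain. An unset Domain
# falls back to each host's DNS domain name, so it is reported, not trusted.
check_domains() {  # usage: check_domains SERVER_CONF CLIENT_CONF
    s=$(idmap_get "$1" Domain); c=$(idmap_get "$2" Domain)
    if [ -z "$s" ] || [ -z "$c" ]; then
        echo "UNSET: server='${s}' client='${c}' (DNS domain fallback in use)"; return 2
    fi
    if [ "$s" != "$c" ]; then
        echo "MISMATCH: server='${s}' client='${c}'"; return 1
    fi
    echo "OK: Domain=${s} on both hosts"
}

# Constructed sample files, modelled on the configuration quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '[General]\n#Domain = local.domain.edu\n[Mapping]\nNobody-User = nobody\n' > "$d/before.conf"
    printf '[General]\nDomain=localdomain\n[Mapping]\nNobody-User = nobody\n' > "$d/after.conf"
    check_domains "$d/before.conf" "$d/before.conf" || true  # as first posted: UNSET
    check_domains "$d/after.conf"  "$d/before.conf" || true  # one side changed: UNSET
    check_domains "$d/after.conf"  "$d/after.conf"  || true  # both sides set: OK
    echo "ids: $(id_pair 'uid=600(galaxy) gid=601(galaxy) groups=601(galaxy)')"
    rm -rf "$d"
}

demo
```

On real hosts, place a copy of each machine's /etc/idmapd.conf side by side and pass the two paths to `check_domains`.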
 
Old 08-03-2012, 05:58 AM   #7
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
For NFS4, you need all shares under an nfs root directory. This takes more work, using -bind or -rbind mounts, mounting one directory over another. Client mount commands (or the fstab entry) will use server:share instead of the full path.

Good Luck!
 
Old 10-10-2012, 05:06 PM   #8
nhusain
LQ Newbie
 
Registered: Jul 2011
Posts: 5

Rep: Reputation: Disabled
Hello, I am having a similar problem. I have a host server with all users' folders in one directory. When I mount the folder from a client server, I am getting all folders owned by "nobody". If I mention NFSv4_gid_attr in the idmapd.conf file, I get the group that all the folders belong to. But I am getting all nobody for "owner". How do I set this up for all the users (about 15 of them)? I need HELP. Thanks in advance. Naz Husain
 
  

