NFS and permission trouble
 

Hey all,

Running into a bit of a weird problem with a Linux file server and an NFS share. The file server has a handful of other Linux systems mapped to it using NFS, and things work great for the most part. As each Linux system connecting to the file server is a production processing system, the share for each is set up the same way and maps them all to the same user/group combo. That all works great, but now there is 1 folder that is pretty locked down needs to be accessible by the other processing systems, but no matter what I've done so far, the folder is always unreadable and kicks back a 'permission denied' when even trying to change to that folder.

Current setup on the file server exports file looks like this for each processing system (substitute the appropriate IP of course):

As the file server is running FC2, this file was generated by using the NFS configuration utility.

The folder I'm trying to access is directly under /Vol1, which I can connect to just fine. User 504 on the server is not the owner of the folder, but belongs to the group that's assigned to it, so therefore has full access to it. Permissions on the folder are set to 770 to allow only the owner and group members access.

So, I guess I'm a bit confused as to why, if the user that is being assigned to all systems mounting via NFS are being assigned to user 504, and user 504 has full access to the folder, I'm not able to even view the folder at all from a client system.

I'm sure this is an issue on the file server itself, but I don't know what more to try (short of setting the permissions higher than 770, which I can't do).

Anyone have any ideas? Sorry if I left out any info.. let me know and I'll supply whatever else might be needed.

Hi

Stupid questions

1.- Has the user 504 machine NFS service enable ??

2.- Have you created for user machine mount points for /Vol1 ??

3.- Is the entry on the fstab ??

Hi, thanks for the response. I'll try to answer your questions here:

1. NFS is enabled and is working for many machines. All of my production systems use user 504 when mapping to the file server as I need them to all have the same writes.

2. Yes, mount points are set up on all client systems. As I'd mentioned. NFS is working for all of them currently, just not for this folder.

3. Fstab entries are in place and working for all client systems. For testing, I've also been mounting it manually and unmounting, just to see if any changes I make work.

So, again, the user 504 on the server belongs to the group that has full access to this folder. User 504 is what all systems are set to when connecting via NFS, but when that happens nobody can access said folder. For some reason those group permissions for the user are not getting passed through NFS, and I'm hoping there is a way around that. The server is running Fedora Core 2.

Thanks!

Why "all_squash" + anonymous identity for a well known user?

Try to suppress "all_squash" and rename "uanonuid" and "uanongid" to simply "uid" and "gid".

I'm using "all_squash" + anonymous because I wanted to force all these processing systems to connect as the same user. Helps solve a lot of potential permissions issues because they all need to access the same things and have the same rights. According to the man pages I've read, using "all_squash" + anonuid and anongid was the way to do this. The user on the server (504) does not exist on the other systems for security reasons (can't have the same user/pw set up on multiple systems).

So, seeing as how the this is set up, wouldn't removing the "all_squash" line just cause problems? Also, would there be any difference really by changing 'anonuid' and 'anongid' to just 'uid' and 'gid'?

Wanted to bump this before the weekend...

Still trying to figure out why, if the user has full access to a folder because the user belongs to the group the folder is assigned to, then why is it that users connecting to the system through NFS and are treated as the same user cannot access the folder? Is this is limitation of NFS, or could I be doing something wrong?