LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-12-2012, 09:10 AM   #1
markb81
LQ Newbie
 
Registered: Jul 2012
Posts: 2

Rep: Reputation: Disabled
Question NFS Server permission denied


Hello,

Hope somebody can help me with a problem I have with my CentOS 6.x NFS Server. I'm trying to setup NFS. I installed NFS and I think I got it to run. My subnet is 192.168.1.x btw

[root@host]# service nfs status
rpc.svcgssd is stopped
rpc.mountd (pid 2523) is running...
nfsd (pid 2588 2587 2586 2585 2584 2583 2582 2581) is running...

In var I added a test directory (777)

drwxrwxrwx. 2 root root 4096 jul 12 16:31 test

I added the export

[root@host var]# exportfs -rav
exporting 192.168.1.*:/var/test

cat /etc/exports
/var/test 192.168.1.*(rw,sync,no_root_squash,no_subtree_check)

I ran exportfs -a and service nfs restart
I also did service iptables stop (cause that caused some errors to)

When I try to mount the share I get an access denied:

mount: 192.168.1.243:/test failed, reason given by server: Permission denied

192.168.1.243 is the ip address of the NFS server.

Can somebody give me some tips what I'm doing wrong here?

Thanks

Mark
 
Old 07-12-2012, 02:19 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
* would work for a host NAME but not for an IP address. * is a wildcard.
From my CentOS 5 "man exports:

Quote:
wildcards
Machine names may contain the wildcard characters * and ?. This
can be used to make the exports file more compact; for instance,
*.cs.foo.edu matches all hosts in the domain cs.foo.edu. As
these characters also match the dots in a domain name, the given
pattern will also match all hosts within any subdomain of
cs.foo.edu.

IP networks
You can also export directories to all hosts on an IP (sub-)
network simultaneously. This is done by specifying an IP address
and netmask pair as address/netmask where the netmask can be
specified in dotted-decimal format, or as a contiguous mask
length (for example, either ‘/255.255.252.0’ or ‘/22’ appended
to the network base address result in identical subnetworks with
10 bits of host). Wildcard characters generally do not work on
IP addresses, though they may work by accident when reverse DNS
lookups fail.
So your entry to allow any host with 192.168.1.x would need to be:
/var/test 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)

A good place to calculate netmasks/CIDR ranges is:
http://www.subnet-calculator.com/cidr.php
 
Old 07-12-2012, 03:26 PM   #3
TommyC7
Member
 
Registered: Mar 2012
Distribution: Slackware, Alma, OpenBSD, FreeBSD
Posts: 543

Rep: Reputation: Disabled
Have you tried mounting the NFS share with SELinux disabled? SELinux is very weary about files getting accessed.
 
Old 07-12-2012, 03:28 PM   #4
kernel99
LQ Newbie
 
Registered: Nov 2003
Posts: 24

Rep: Reputation: 1
Quote:
Originally Posted by MensaWater View Post
* would work for a host NAME but not for an IP address. * is a wildcard.
From my CentOS 5 "man exports:



So your entry to allow any host with 192.168.1.x would need to be:
/var/test 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)

A good place to calculate netmasks/CIDR ranges is:
http://www.subnet-calculator.com/cidr.php
mine same just like markb81.
/kick 192.168.0.*(rw,insecure,async,insecure_locks,nohide,no_root_squash)

this is working fine for me.
my kickstart server is built in centos 5.5
 
Old 07-12-2012, 03:47 PM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
Quote:
Originally Posted by kernel99 View Post
mine same just like markb81.
/kick 192.168.0.*(rw,insecure,async,insecure_locks,nohide,no_root_squash)

this is working fine for me.
my kickstart server is built in centos 5.5
The documentation I quoted earlier clearly says:

Quote:
Wildcard characters generally do not work on
IP addresses, though they may work by accident when reverse DNS
lookups fail
.
This may suggest your reverse DNS isn't working so the wildcard works for you. This does NOT mean it would also work for the OP. The documentation makes it clear that this is NOT the proper way to do it and that in normal situations it would fail.

Last edited by MensaWater; 07-12-2012 at 03:49 PM.
 
Old 07-12-2012, 03:58 PM   #6
kernel99
LQ Newbie
 
Registered: Nov 2003
Posts: 24

Rep: Reputation: 1
Quote:
Originally Posted by MensaWater View Post
The documentation I quoted earlier clearly says:

definitely.

This may suggest your reverse DNS isn't working so the wildcard works for you. This does NOT mean it would also work for the OP. The documentation makes it clear that this is NOT the proper way to do it and that in normal situations it would fail.
i setup my pxe while back & been using like that, i never noticed and using just to jumpstart that's all, now i just realize yes my reverse isn't working...

thanks for pointing out

1. check with rpcinfo -p hostname (see tcp/udp for nfs)
2. showmount -e (check exports)
3. firewall/selinux


that's what i can think of..
someone can add if i miss anything.

thanks much.

Last edited by kernel99; 07-12-2012 at 06:35 PM.
 
Old 07-15-2012, 03:15 PM   #7
markb81
LQ Newbie
 
Registered: Jul 2012
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thumbs down No luck so far....

Hi All,

Thanks for trying to help me. I regret to say I still cannot get it to work.
I changed the /etc/exports with the correct line: /var/test 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)
Ran exportfs -a & service nfs restart

I see that the export is recognized when I run exportfs: /var/test 192.168.1.0/24

I stopped iptables and disabled SELinux for troubleshooting. I still get a permission denied error mounting with the following command:

mkdir test
mount 192.168.1.243:/test test/
mount: 192.168.1.243:/test failed, reason given by server: Permission denied

What am I messing up or configuring wrong?

Grtz,Mark
 
Old 07-16-2012, 11:11 AM   #8
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Is there anything defined in /etc/hosts.{allow,deny}?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NFS server problem: Permission denied browny_amiga Linux - Networking 2 05-13-2010 10:13 AM
NFS mount : reason given by server: Permission denied linuxsys Linux - Newbie 6 06-09-2009 12:13 PM
nfs server permission denied lackluster Linux - Networking 3 08-21-2004 11:47 AM
nfs problem server: Permission denied anamika123 Linux - Networking 5 04-30-2004 02:56 AM
NFS Problem mounting 2 systems:Permission Denied by server meng_en Linux - General 3 09-24-2002 12:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration