Unable to change ownership of NFSv4 shared directory in redhat linux 6.3
Hi there,
I'm stuck with a weird problem here. Request your help. I have enabled NFSv4 on one of my RHEL 6.3 servers and mounted the same on a RHEL 6.3 client. Now I wish to change the ownership of one of the files in the NFS shared directory, which is being prevented by the OS. Following is the error I received when I tried to do so.
Code:
[root@cialqec os_pkgs]# chown crqadm.dba ss

SERVER
Code:
Mar 2 16:48:06 cialdec rpc.idmapd[27958]: nss_getpwnam: name 'crqadm' not found in domain 'cok.aero'

Code:
Mar 2 15:29:23 cialqec kernel: NFS: v4 server 10.10.10.31 does not accept raw uid/gids. Reenabling the idmapper.

Pls post in a solution. Thanks in advance
Rgrds, Sreejith
Sreejith,
What method of authentication are you using for the server and client? Unless you are using something like LDAP or NIS to authenticate all of the machines to a single source, you cannot change the permissions on an NFS share. If you are using one of the authentication methods I mentioned, the root user on the client machine that you are logged in to will have to have root permissions on the NFS share in order to change the owner of a file. This may sound odd, but root on one machine is not root on another without explicitly specifying that authority on the NFS share from the server. On the client machine, "root" will be seen as nfsnobody. You can test this by creating a file on the share and seeing what permissions you actually have. HTH....if you still have trouble, please give more details about the current setup for clarity.
Thanks for your valuable reply.
I'm very new to the terms LDAP and NIS. It will be of great help if you could give me more clarity on how to set up NIS/LDAP on server and client, and why is it required? Regards, Sreejith
They're not necessarily required; they are centralised authentication systems instead of using local (per machine) authentication.
LDAP is similar (ish) to MSWin AD. NIS is a simpler equivalent, and not much used as it's strictly plaintext. With NFS, the uid (not the username) must match on both ends of the connection. (Also gid if using group perms.) See Chap 18 http://www.linuxtopia.org/online_boo...ion/index.html. This site has howtos for the various protocols: http://www.linuxhomenetworking.com/
Hi,
I am a little more familiar with Solaris NFS, wherein this id mapping will happen automatically. No NIS or LDAP is needed. Now here in Linux, the scenario is: I have an NFS server with a few user names with UIDs 501, 502, 503, and in the NFS client I have different user names with the same UIDs as in the server. In the NFS client, I need to change the ownership of a directory in the NFS share from root to user1 (UID 501). In the NFS server UID 501 is mapped to user3. Can you suggest me a way forward? Thanks, Sreejith
id mapping is not automatic; it's a requirement of NFS that they (uids, gids) be the same to effect normal usage, so the Admins will arrange that.
Normally NFS exports are created such that the client root id is downgraded (option root_squash); often as 'nfsnobody' or 'nobody' username, uid typically 65536 or some such. It's not a good idea to allow remote root users access to the server. Since ownerships can only be set by root, ownerships need to be changed at the server end. See those links of mine.
Thanks chrism01 for your advice.
But the NFS shared directory is for taking db level backup from all clients where it is mounted. So the ownership of the directory must be set to the DB backup user name, which differs between clients. Can you give me a solution/work around to achieve this? Rgrds, Sreejith
In that case, I'd create (on the SERVER) a dedicated DB_backup gid and make that the gid of the (SERVER) export. Create the same gid on the clients and you're gold :)
Remember that a user can be a member of multiple groups.
Very good advice. Thank you so much.
Rgrds, Sreejith
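An added example, not part of the original thread: a shell check for the dedicated-group approach suggested above, comparing group(5) entries from the server and each client so that a gid mismatch is caught before backups fail. The group name db_backup, gid 3000, user oraprd and all sample data are constructed; crqadm is the user from the original post.

```shell
#!/bin/sh
# Setup the check assumes (run as root; names and gid are hypothetical):
#   server : groupadd -g 3000 db_backup; chgrp db_backup /export; chmod 2770 /export
#   clients: groupadd -g 3000 db_backup; usermod -aG db_backup <backup user>

# Constructed sample data in group(5) format. On real hosts, collect it with
# `getent group` on each machine instead.
SERVER_GROUP='root:x:0:
dba:x:501:
db_backup:x:3000:'
CLIENT_A_GROUP='root:x:0:
dba:x:502:crqadm
db_backup:x:3000:crqadm'
CLIENT_B_GROUP='root:x:0:
db_backup:x:3001:oraprd'

# gid_of NAME GROUPDATA -> prints the numeric gid, or nothing if absent
gid_of() {
    printf '%s\n' "$2" | awk -F: -v g="$1" '$1 == g { print $3; exit }'
}

# is_member USER NAME GROUPDATA -> exit 0 if USER is in the supplementary
# member list (a user whose primary group is NAME is not listed there)
is_member() {
    printf '%s\n' "$3" | awk -F: -v g="$2" -v u="$1" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }'
}

# check_client GROUP USER SERVERDATA CLIENTDATA
# prints one of: ok | missing | gid-mismatch | not-member
check_client() {
    sgid=$(gid_of "$1" "$3")
    cgid=$(gid_of "$1" "$4")
    if [ -z "$sgid" ] || [ -z "$cgid" ]; then echo missing
    elif [ "$sgid" != "$cgid" ]; then echo gid-mismatch
    elif ! is_member "$2" "$1" "$4"; then echo not-member
    else echo ok
    fi
}

check_client db_backup crqadm "$SERVER_GROUP" "$CLIENT_A_GROUP"
check_client db_backup oraprd "$SERVER_GROUP" "$CLIENT_B_GROUP"
```

The setgid bit (mode 2770) on the export keeps new backup files in the shared group regardless of which client user wrote them.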