LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 10-22-2009, 09:49 AM   #1
JohnGraham
Member
 
Registered: Oct 2009
Posts: 467

Rep: Reputation: 139Reputation: 139
NFS rootfs - problems with permissions


Hi there, I've got a bit of an NFS headache I was hoping someone could help me with - there are a couple of similar issues I found by googling, but nothing quite in line with what I've got.

I'm trying to mount an NFS share on my host computer as the rootfs on an embedded device. Everything works fine when the files on the host computer are all owned by root. However, when I make them all owned by me (for safer/non-superuser scripts, etc.), my device can't boot - I start getting messages on the console like:

Code:
mount: only root can do that
Initializing /var... mount: only root can do that
FAILED

(...)

Mounting local filesystems...mount: only root can do that
failed.
In my /etc/exports file, I've used the no_root_squash option*, and wireshark shows the nfs requests from the device are being made with uid=0, gid=0.

I'm not very experienced with NFS at all, but it looks like my nfsd simply isn't honouring the no_root_squash option - anyone know if this might be the issue/how to find out if it is? Or have any other ideas?





* I even tried all_squash,anonuid=0,anongid=0 - I know this is a bad idea, but I was desperate
 
Old 10-22-2009, 12:12 PM   #2
thegeek
Member
 
Registered: Oct 2009
Location: Amsterdam
Distribution: CentOS,Fedora,Puppy
Posts: 62

Rep: Reputation: 20
Are you mounting as the root user ? ( to mount the filesystem )
Thats what the error looks like ...

I can reproduce it here:

[publisher@f11 ~]$ mount /dev/sdb /mnt/MYTIME
mount: only root can do that
 
Old 10-22-2009, 12:57 PM   #3
uteck
Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: GalliumOS on Chrombook
Posts: 662

Rep: Reputation: 211Reputation: 211Reputation: 211
On the client machine, is the mount point owned by root before you mount NFS? If you want non-root users to mount it, then the mount point needs to be accessible by them.
 
Old 10-22-2009, 01:58 PM   #4
JohnGraham
Member
 
Registered: Oct 2009
Posts: 467

Original Poster
Rep: Reputation: 139Reputation: 139
Quote:
Originally Posted by thegeek View Post
Are you mounting as the root user ? ( to mount the filesystem )
Thats what the error looks like ...

I can reproduce it here:

[publisher@f11 ~]$ mount /dev/sdb /mnt/MYTIME
mount: only root can do that
Yes, I'm mounting it as the root filesystem, so it's mounted by the kernel by passing it "root=/dev/nfs nfsroot=192.168.1.32:/path/to/nfs ip=..." as a boot argument.



Quote:
Originally Posted by uteck View Post
On the client machine, is the mount point owned by root before you mount NFS? If you want non-root users to mount it, then the mount point needs to be accessible by them.
Well, the mount point would be `/', so yes - but the point is that I want the root user to mount it, and it *can* mount it when the NFS share on the server is owned by root, and *can't* mount it if the NFS share on the server is not owned by root.



Does anyone know a bit more about the uid/gid squashing? I *think* all I have to do is use no_root_squash on the client, which tells the server that it's the root user, and will then get root access to the NFS share on my machine. Have I got this right?

John G
 
Old 10-22-2009, 02:52 PM   #5
thegeek
Member
 
Registered: Oct 2009
Location: Amsterdam
Distribution: CentOS,Fedora,Puppy
Posts: 62

Rep: Reputation: 20
Hi again, you got me interested enough to work it out.

I mounted a remote nfs filesystem as an unprivileged user , make sure your user can sudo mount ! That is why i asked about if you were using root.

My nfs server config is simple for testing: /mnt/nfs0 *(rw,no_root_squash)

I left the errors in the shell, and was tweaking sudo access in between:

[neil@localhost ~]$ mount -o rw -t nfs websrv:/mnt/nfs0 /mnt/nfs0
mount: only root can do that

Ok this means i am not allowed to use the mount command, lets try with sudo:

[neil@localhost ~]$ sudo mount -o rw -t nfs websrv:/mnt/nfs0 /mnt/nfs0
[sudo] password for neil:
Sorry, user neil is not allowed to execute '/bin/mount -o rw -t nfs websrv:/mnt/nfs0 /mnt/nfs0' as root on localhost.localdomain.

Ok - I didnt configure it right, i need to add a line so that the group users is allowed to use the mount command through sudo , and then add my self to the users group:

E.g. entry in /etc/sudoers:

%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

Then modify the users group:

usermod -G users neil

Let me know if that helps

[neil@localhost ~]$ mount
/dev/mapper/VolGroup-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
gvfs-fuse-daemon on /home/neil/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=neil)
websrv:/mnt/nfs0 on /mnt/nfs0 type nfs (rw,addr=192.168.1.50)

Last edited by thegeek; 10-22-2009 at 03:00 PM.
 
Old 10-23-2009, 04:09 AM   #6
JohnGraham
Member
 
Registered: Oct 2009
Posts: 467

Original Poster
Rep: Reputation: 139Reputation: 139
Quote:
Originally Posted by thegeek View Post
Hi again, you got me interested enough to work it out.

I mounted a remote nfs filesystem as an unprivileged user , make sure your user can sudo mount ! That is why i asked about if you were using root.

My nfs server config is simple for testing: /mnt/nfs0 *(rw,no_root_squash)

I left the errors in the shell, and was tweaking sudo access in between:

[neil@localhost ~]$ mount -o rw -t nfs websrv:/mnt/nfs0 /mnt/nfs0
mount: only root can do that

Ok this means i am not allowed to use the mount command, lets try with sudo:

[neil@localhost ~]$ sudo mount -o rw -t nfs websrv:/mnt/nfs0 /mnt/nfs0
[sudo] password for neil:
Sorry, user neil is not allowed to execute '/bin/mount -o rw -t nfs websrv:/mnt/nfs0 /mnt/nfs0' as root on localhost.localdomain.

Ok - I didnt configure it right, i need to add a line so that the group users is allowed to use the mount command through sudo , and then add my self to the users group:

E.g. entry in /etc/sudoers:

%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

Then modify the users group:

usermod -G users neil

Let me know if that helps

[neil@localhost ~]$ mount
/dev/mapper/VolGroup-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
gvfs-fuse-daemon on /home/neil/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=neil)
websrv:/mnt/nfs0 on /mnt/nfs0 type nfs (rw,addr=192.168.1.50)
Thanks for that. Interesting... am I reading this right, that you can't get the client machine to let you use 'sudo' to act as root on another computer, even if you're allowed to locally?

Still, it's not quite what I've got - I've got a client that is the root user, who isn't able to mount things on the nfs share if they're not owned (on the server) by the root user.

Also, I probably should have emphasised that it's not the actual mounting of the share that's the problem - I can mount it fine, but because I'm trying to mount it at boot time, I then need to start mounting proc, tmpfs, etc. type filesystems, and that's where it all goes wrong.

So, to get a similar setup to me applied to your setup... on the server, websrv, you'd have to do a `chown -R neil:neil /mnt/nfs0', and then on the client you'd mount normally as root. Then you'd try to mount something on the NFS system from the client machine - e.g. if your client had an sdb1: `mount /dev/sdb1 /mnt/nfs0/usbdrive'. If your machines act like mine, this should complain that you're not root.
 
Old 10-23-2009, 05:56 AM   #7
thegeek
Member
 
Registered: Oct 2009
Location: Amsterdam
Distribution: CentOS,Fedora,Puppy
Posts: 62

Rep: Reputation: 20
John,

The error you get here:

mount: only root can do that
Initializing /var... mount: only root can do that
FAILED


Suggests that it really is not the root user trying to do it, thats why i included these examples of doing it by sudo.

Ps i chowned /mnt/nfs0 with the owner:group : root:users, and added my user to the group users

Last edited by thegeek; 10-23-2009 at 05:57 AM.
 
Old 10-23-2009, 08:17 AM   #8
JohnGraham
Member
 
Registered: Oct 2009
Posts: 467

Original Poster
Rep: Reputation: 139Reputation: 139
Quote:
Originally Posted by thegeek View Post
John,

The error you get here:

mount: only root can do that
Initializing /var... mount: only root can do that
FAILED


Suggests that it really is not the root user trying to do it, thats why i included these examples of doing it by sudo.
It does suggest that - but this is during system initialisation, so I can be sure it's the root user doing this on the client (nd besides, it has no problem with mounting anything when the files on the server are owned by root).

That's the point - it looks like my nfs server is:

1) Treating the client as user `john' when the files are owned by me, and

2) Treating the client as user `root' when the files are owned by root.

Which is what I find strange and would like to stop - or am I missing something, and this is the intended behaviour?


By the way, I forgot to mention I'm running nfs-kernel-server on Ubuntu 9.04. I've been using it with another embedded project with no hiccups at all - for that I used "all_squash,anonuid=1000,anongid=1000" as (some of) the options. All the files in that directory are owned by uid=1000, gid=1000 (obviously), and everything works dandy - I can mount and everything as usual.


John G
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Root-NFS: Server returned error -13 while mounting /home/aravindb/RFS/rootfs boinpally Linux - Server 4 06-16-2011 07:15 AM
nfs permissions cuk Slackware 6 02-26-2009 06:08 PM
NFS and RH Cluster Suite; Problems relating services/resources to NFS l_long_island Linux - Server 5 08-30-2008 11:20 AM
Mounting rootfs via nfs: Remounting rw does not work tilman1 Linux - Networking 5 04-10-2008 11:57 PM
NFS Permissions aqoliveira Linux - General 0 01-10-2002 02:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration