Full Discussion: NFS server RW perms
Operating Systems Solaris NFS server RW perms Post 302533920 by presul on Saturday 25th of June 2011 02:59:16 PM
Old 06-25-2011
@bartus11 I added the 'insecure' directive to the /etc/exports file and restarted the daemon, but nothing changed.

---------- Post updated at 06:59 PM ---------- Previous update was at 06:23 PM ----------

I found the answer.
There was a problem with the "root_squash" option in the /etc/exports file, which is the default option when not specified.

When this option is used, then while mounting using the command mount, the user ID "root" on the NFS client will be replaced by the user ID "nobody" on the NFS server. This is to prevent the root on the NFS client from taking a superuser privilege on the NFS server, thus perhaps illegally allowing him to modify files on the NFS server.

So I solved this:
------------------
1. mount -o remount,acl /share
2. setfacl -m user:nfsnobody:rwx /share/nfs


It mounts with UID=65534 and GID=65534, which on CentOS=nfsnobody and on Solaris10=nobody4(UID) and nogroup(GID).

[root@centos11 share]# exportfs -v
/share/nfs <world>(rw,wdelay,insecure,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/inst <world>(ro,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)

To display UID/GID on centos/sol10 use
Code:
$ ls -ln

You can of course change the UID that mounts the NFS share from the default 65534 to whatever you like, but it must exist on both systems, CentOS and sol10, with the same UID/GID.

Security:
----------
The best would be to run NFS inside an SSH tunnel.
Here is how to do it --->
NFS Security - The Community's Center for Security
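The root_squash mapping described in the post can be read straight out of `exportfs -v`. The script below is an added example, not part of the original post: it summarises each export, shows which server UID a client's root ends up as, and flags options that widen access. The third sample export (`/srv/scratch`, `192.0.2.10`) is constructed for contrast, and the default anonuid of 65534 is assumed when none is printed.

```shell
#!/bin/sh
# Added example: summarise `exportfs -v` output, showing which server UID a
# client's root is mapped to and which options widen access.

# Constructed sample: the two exports from the post plus one hypothetical
# no_root_squash export (path and address are made up for contrast).
sample_exports() {
cat <<'EOF'
/share/nfs <world>(rw,wdelay,insecure,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/inst <world>(ro,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/srv/scratch 192.0.2.10(rw,wdelay,no_root_squash,no_subtree_check)
EOF
}

# Reads `exportfs -v` text on stdin; prints: path client root->UID flags
# Assumption: anonuid defaults to 65534 when the option is not shown.
audit_exports() {
  awk '
  {
    # exportfs -v wraps long paths: path alone, client spec on the next line
    if (index($0, "(") == 0) { path = $1; next }
    if (NF >= 2) path = $1
    spec = $NF
    lp = index(spec, "(")
    client = substr(spec, 1, lp - 1)
    opts = substr(spec, lp + 1, length(spec) - lp - 1)
    n = split(opts, o, ",")
    rw = 0; nosquash = 0; insecure = 0; anonuid = 65534
    for (i = 1; i <= n; i++) {
      if (o[i] == "rw") rw = 1
      else if (o[i] == "no_root_squash") nosquash = 1
      else if (o[i] == "insecure") insecure = 1
      else if (o[i] ~ /^anonuid=/) anonuid = substr(o[i], 9)
    }
    rootuid = nosquash ? 0 : anonuid   # root_squash: root becomes anonuid
    flags = ""
    if (rw && (client == "<world>" || client == "*")) flags = flags ",WORLD_RW"
    if (insecure) flags = flags ",INSECURE_PORTS"   # source ports >= 1024 accepted
    if (nosquash) flags = flags ",NO_ROOT_SQUASH"   # client root is root on server
    if (flags == "") flags = ",-"
    printf "%s %s root->%s %s\n", path, client, rootuid, substr(flags, 2)
  }'
}

sample_exports | audit_exports
```

On a live server, pipe the real output in with `exportfs -v | audit_exports`; a `root->65534` line next to a directory that only UID 0 can write explains the "read-only for root" symptom from this thread.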
 

nfs(7)    Miscellaneous Information Manual    nfs(7)

NAME
nfs, NFS - network file system

DESCRIPTION
The Network File System (NFS) allows a client node to perform transparent file access over the network. By using NFS, a client node operates on files residing on a variety of servers and server architectures, and across a variety of operating systems. File access calls on the client (such as read requests) are converted to NFS protocol requests and sent to the server system over the network. The server receives the request, performs the actual file system operation, and sends a response back to the client.

NFS operates in a stateless manner using remote procedure calls (RPC) built on top of an external data representation (XDR) protocol. The RPC protocol enables version and authentication parameters to be exchanged for security over the network.

A server grants access to a specific file system to clients by adding an entry for that file system to the server's file. A client gains access to that file system using the command to request a file handle for the file system (see mount(1M)). (A file handle is the means by which NFS identifies remote files.) Once a client mounts the file system, the server issues a file handle to the client for each file (or directory) the client accesses. If the file is removed on the server side, the file handle becomes stale (dissociated with a known file), and the server returns an error with set to

A server can also be a client with respect to file systems it has mounted over the network; however, its clients cannot directly access those file systems. If a client attempts to mount a file system for which the server is an NFS client, the server returns with set to The client must mount the file system directly from the server on which the file system resides.

The user ID and group ID mappings must be the same between client and server. However, the server maps UID 0 (the superuser) to UID -2 before performing access checks for a client. This process prevents gaining superuser privileges on remote file systems.

RETURN VALUE
Generally, physical disk I/O errors detected at the server are returned to the client for action. If the server is down or inaccessible, the client receives the message: where is the hostname of the NFS server. The client continues resending the request until it receives an acknowledgement from the server. Therefore, the server can crash or power down, and come back up without any special action required by the client. The client process requesting the I/O will block, but remains sensitive to signals (unless mounted with the option) until the server recovers. However, if mounted with the option, the client process returns an error instead of waiting indefinitely.

AUTHOR
was developed by Sun Microsystems, Inc.

SEE ALSO
exportfs(1M), share(1M), mount(1M), mount_nfs(1M), nfsd(1M), mount(2), fstab(4), dfstab(4).