I created an NFS share on the server (Solaris 10) with the following command and also updated the dfstab file:
share -F nfs -o rw=server_name2,anon=0 /to_share
And then on the client (Solaris 10) added the following command to mount the share:
mount -F nfs server_name1:/to_share /shared_by
On the client, I changed the owner of the mount directory and all the files in it to another user (oracle).
But it doesn't allow oracle to modify the file or create a new file in the directory.
Please let me know if I need to change any option.
What you've done seems to me like it should work. Nothing jumps out at me as being incorrect. It could be a permissions issue; perhaps not.
What I would do is to get it working first by opening up security if it's not too big a risk for the site, and then close things down step by step checking it still works.
Here's what I would do in your position...
1. Are you sure that the shared directory on the server allows writing permission to that client? To be sure set the actual shared directory rights to 777. Does it work now?
2. When the server receives an in-bound connection request it only has the client's IP address. Can the server resolve that to the client name that you have given in your share command? Ensure that client (and its IP address) appears in /etc/hosts or can be resolved through DNS. If not, the server doesn't know who's who.
(On the server, if you
Do you get the correct response? Is the client name resolved to the correct IP address?)
Does it work now?
3. Try changing your share command to:
to give the in-bound connection root permissions on the server. (You can also omit the anon=0, it's a "catch all" for unidentified users.)
Does it work now?
Remember that you may need to re-issue the server share, and re-issue the client NFS mount to test it.
Hope that helps.
Do please post back your progress. There are other things to try. There's loads of expertise on this forum to help you, be assured of that.
If you can take the security risk, get it working first at any cost and then tighten up afterwards. If you can't take that risk, let us know.
Using "anon=0" is about as dangerous to security as you can possibly imagine.
What "anon=0" means is, "If I don't know who you are, I'm giving you root permissions in the file system." If you need to do THAT, something is badly broken in your configuration. BADLY BROKEN.
Create this file in that NFS file system on an NFS client as a user that's not recognized by the NFS server:
crack.c:
Now run these commands:
Then run something like this from any host mounting that file system - as any user - whether it's mounted natively or via NFS:
Instant root shell, goodbye security.
Having to use
is telling you that
is not sufficient to identify the client. See note 2 in my post #2.
Did you put (previously created) files in the share directory on the server? If so, what security mask is on them? You may have set the parent share directory to 777, but what about the files below?
Yes, as I recommended you got it working "at any cost" but you now need to consider the security level you are going to run with.
As already pointed out by Achenle, using anon=0 gives root access to all unidentified users. It all depends whether you can risk that.
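An added example, not part of any post in this thread: a small shell audit of dfstab share lines for the options discussed above (anon=0, root=, rw with no access list), plus the share_nfs nosuid option, which the thread does not mention. The function names, the sample lines and the /to_share_tight path are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky options in Solaris share(1M) lines (dfstab format).

# Print one finding per risky option found on a single dfstab line.
audit_share_line() {
    case $1 in
        share\ *) ;;            # only share commands; comments and blanks are skipped
        *) return 0 ;;
    esac
    opts= path= prev= nosuid=no
    set -f                      # no globbing while word-splitting the line
    for word in $1; do
        if [ "$prev" = "-o" ]; then opts=$word; fi
        prev=$word
        path=$word              # the pathname is the last word of a share command
    done
    [ -n "$opts" ] || opts=rw   # share with no -o exports read-write to every client
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            anon=0) echo "$path: anon=0 maps unidentified users to root" ;;
            root=*) echo "$path: root access granted to ${o#root=}" ;;
            rw)     echo "$path: rw without an access list, any client may write" ;;
            nosuid) nosuid=yes ;;
        esac
    done
    IFS=$old_ifs
    set +f
    if [ "$nosuid" = no ]; then
        echo "$path: nosuid not set, clients can create setuid files"
    fi
    return 0
}

# Audit every line of a dfstab read from standard input.
audit_dfstab() {
    while IFS= read -r line; do
        audit_share_line "$line"
    done
}

# Constructed sample: the share line from the first post plus a tightened variant.
SAMPLE='# place share(1M) commands here
share -F nfs -o rw=server_name2,anon=0 /to_share
share -F nfs -o rw=server_name2,nosuid /to_share_tight'

printf '%s\n' "$SAMPLE" | audit_dfstab
```

On a real server, feed it the file directly: audit_dfstab < /etc/dfs/dfstab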