Network and Storage Protocols

NFS exports unix permissions

miguel_maldonado
12,270 Views

Hello,

I am trying to share a volume using NFS. My exports file is as follows:

/vol/vol0/home    -sec=sys,rw,root=192.168.139.129,nosuid
/vol/vol0    -sec=sys,ro,rw=192.168.139.129,root=192.168.139.129,nosuid
/vol/vol1    -sec=sys,rw,root=192.168.139.129,nosuid
/vol/vol2    -sec=sys,rw=192.168.139.129:192.168.139.130

On my Unix host, my fstab file is as follows:

# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    nodev,noexec,nosuid 0       0
# / was on /dev/sda1 during installation
UUID=795c225c-49eb-4d2b-8f5a-fa1aca21863a /               ext4    errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=cb741834-e9ab-489b-9052-680eb03de30e none            swap    sw              0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
filer1:/vol/vol2        /media/vol2  nfs    rw,users,auto 0       0

So when I try to mount the vol2 export as a differnt user than root (jose), this user does not have permissions on that folder or in the folders within:

jose@ontapsim:/media$ mount /media/vol2
jose@ontapsim:/media$ ls -la
total 20
drwxr-xr-x  5 root root 4096 2010-08-28 23:49 .
drwxr-xr-x 24 root root 4096 2010-08-25 16:49 ..
drwxr-xr-x  2 root root 4096 2010-08-28 14:43 extra
lrwxrwxrwx  1 root root    7 2010-08-24 17:08 floppy -> floppy0
drwxr-xr-x  2 root root 4096 2010-08-24 17:08 floppy0
drwxr-xr-x  4 root root 4096 2010-08-28 23:06 vol2
jose@ontapsim:/media$

This is how the filer is exporting its volumes

jose@ontapsim:/media$ showmount -e filer1
Export list for filer1:
/vol/vol0/home (everyone)
/vol/vol0      192.168.139.129
/vol/vol1      (everyone)
/vol/vol2      192.168.139.129,192.168.139.130
jose@ontapsim:/media$

This is the security style on the filer1

filer1> qtree
qtree: This command is deprecated; using qtree status.
Volume   Tree     Style Oplocks  Status  
-------- -------- ----- -------- ---------
vol0              unix  enabled  normal  
vol1              unix  enabled  normal  
vol1     qt1      unix  enabled  normal  
vol2              unix  enabled  normal  
vol2     qt2      unix  enabled  normal

The permission is always set to root instead of the user I use to mount the NFS share.

Could you help me find out where am I making a mistake,please?

Thank you and best regards,

Miguel

3 REPLIES 3

aborzenkov
12,270 Views

The permission is always set to root instead of the user I use to mount the NFS share.


Linux does not fake permissions for NFS; you always see actual file permissions that are stored in filer.

miguel_maldonado
12,270 Views

Thank you for your answer, but if the permissions on the fstab are set to "users,rw", doesn`t that mean that whoever mounts the media, has ownership of the files mounted?

On the other hand, I tried to create a folder with root permissions, as you can see below, but even root cannot create files within the NFS mount point.

kike@ontapsim:~$ cd /media/vol2/

kike@ontapsim:/media/vol2$ ls

qt2

kike@ontapsim:/media/vol2$ sudo mkdir jose

mkdir: cannot create directory `jose': Permission denied

and the account kike belongs to the sudoers list.

So my question is where do I give permissions to users to use  a share NFS mount? After setting permissions right, I would like to set quotas for this volume.

Thank you again.

Regards

Miguel

aborzenkov
12,270 Views

if the permissions on the fstab are set to "users,rw", doesn`t that mean  that whoever mounts the media, has ownership of the files mounted?

No. See "mount" manual on Linux what it actually means.

even root cannot create files within the NFS mount point

By default root is not privileged on NFS file system; you have to explicitly grant root permissions by using "anon" or "root=..." option when exporting.

Public