ONTAP Discussions

NFS SHARE MOUNT /multiprotocol share

Netapp_maniac
5,878 Views

Hello Folks,

Background -

I have created a vol with unix security style for multiprotcol . I see that windows clients are able to access the share but  for linux/unix clients i am unable to mount the nfs share without root permissions . I am able to mount the share only if i do sudo bash .I have disabled the option of mount-root-only but still unable to get it fixed.

How can i get this fix ? why i am not able to mount without being root user .

 

Thanks,

 

 

 

 

1 ACCEPTED SOLUTION

parisi
5,768 Views

This is not a NetApp issue, but an NFS client issue.

 

The way the client is configured controls what non-root users can and cannot do.

 

For instance, on my client, only root can use "-o" on mounts:

 

bash-4.2$ mount -o nfsvers=3 demo:/home /mnt/home
mount: only root can use "--options" option

 

I can sudo, but if I'm not in the sudoers file, I'm not allowed mount commands:
bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for git:
git is not in the sudoers file. This incident will be reported.

 

When I add the user to the sudoers file, it can mount:

 

bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home
[sudo] password for git:

demo:/home on /mnt/home type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.193.67.237,mountvers=3,mountport=635,mountproto=udp,local_lock=none,addr=10.193.67.237)

 

You could also leverage the automounter files to remove the need for users to be in sudoers, where the mount occurs when they cd to the mountpoint. 

 

https://linux.die.net/man/8/automount

View solution in original post

10 REPLIES 10

DarrenJ
5,860 Views

What does your export policy look like for the volume you're trying to access?


https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-930/vserver__export-policy__rule__show.html

Netapp_maniac
5,857 Views

I have set it as default 

Rule Index: 1
Access Protocol: nfs3
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

 




Netapp_maniac
5,834 Views

Tried sectrace using IP , trace -result shows up nothing 

tried for unix user 

i have got below error when creating a filter.

 

Vserver: svm_dragonzee (internal ID: 3)

Error: Acquire UNIX credentials procedure failed
[ 2 ms] Entry for user-name: aadfakm-a01 not found in the
current source: FILES. Entry for user-name: aadfakm-a01
not found in any of the available sources
**[ 7] FAILURE: Unable to retrieve UID for UNIX user aadfakm-a01

Error: command failed: Failed to create or modify an NFS security trace filter because the UNIX user name "aadfakm-a01" could not be
resolved to a UNIX ID.

 

But as per export-policy rule i have added clientmatch for access , so any user loggin in thru matching clients should be able to mount it ?

Mjizzini
5,823 Views
The incoming UNIX user ID (UID) that tries to mount or access a mount point cannot be looked up in any of the name-services (NIS, LDAP, file).
 
You will need the unix user to be validated to the Vserver. 
If you are using LDAP, check if there is any connection issues.
As a troubleshooting step, you can create a local unix-user on the Vserver and check if it will work correctly.
 

Netapp_maniac
5,694 Views

We dont have LDAP/NIS in our environment , When creating local unix user on vserver  it worked but what if i have n no. of users . what should be done in that case.

 

parisi
5,769 Views

This is not a NetApp issue, but an NFS client issue.

 

The way the client is configured controls what non-root users can and cannot do.

 

For instance, on my client, only root can use "-o" on mounts:

 

bash-4.2$ mount -o nfsvers=3 demo:/home /mnt/home
mount: only root can use "--options" option

 

I can sudo, but if I'm not in the sudoers file, I'm not allowed mount commands:
bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for git:
git is not in the sudoers file. This incident will be reported.

 

When I add the user to the sudoers file, it can mount:

 

bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home
[sudo] password for git:

demo:/home on /mnt/home type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.193.67.237,mountvers=3,mountport=635,mountproto=udp,local_lock=none,addr=10.193.67.237)

 

You could also leverage the automounter files to remove the need for users to be in sudoers, where the mount occurs when they cd to the mountpoint. 

 

https://linux.die.net/man/8/automount

Netapp_maniac
5,694 Views

What you said , could be right . but what if in case when the user doesn't sudo or root access has not been given to the user .Does name mapping works here ? if yes then how could i do thta 

 

parisi
5,667 Views

This is an NFS client issue; you can't mount as a non-root user without making some changes to the client or using automounter.

Netapp_maniac
5,298 Views

Thank you , this has helped !

Public