ONTAP Discussions

NFS SHARE MOUNT /multiprotocol share

Netapp_maniac

Hello Folks,

Background -

I have created a vol with unix security style for multiprotocol. I see that Windows clients are able to access the share, but for Linux/UNIX clients I am unable to mount the NFS share without root permissions. I am able to mount the share only if I do sudo bash. I have disabled the mount-root-only option but am still unable to get it fixed.

How can I get this fixed? Why am I not able to mount without being the root user?

 

Thanks,

DarrenJ

What does your export policy look like for the volume you're trying to access?


https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-930/vserver__export-policy__rule__show.html

I have set it as default 

Rule Index: 1
Access Protocol: nfs3
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

 




Tried sectrace using IP, trace -result shows up nothing.

Tried for UNIX user.

I got the below error when creating a filter.

 

Vserver: svm_dragonzee (internal ID: 3)

Error: Acquire UNIX credentials procedure failed
[ 2 ms] Entry for user-name: aadfakm-a01 not found in the
current source: FILES. Entry for user-name: aadfakm-a01
not found in any of the available sources
**[ 7] FAILURE: Unable to retrieve UID for UNIX user aadfakm-a01

Error: command failed: Failed to create or modify an NFS security trace filter because the UNIX user name "aadfakm-a01" could not be
resolved to a UNIX ID.

 

But as per the export-policy rule I have added clientmatch for access, so any user logging in through matching clients should be able to mount it?

The incoming UNIX user ID (UID) that tries to mount or access a mount point cannot be looked up in any of the name-services (NIS, LDAP, file).
 
You will need the unix user to be validated to the Vserver. 
If you are using LDAP, check if there are any connection issues.
As a troubleshooting step, you can create a local unix-user on the Vserver and check if it will work correctly.
 

We don't have LDAP/NIS in our environment. When creating a local unix user on the vserver it worked, but what if I have n number of users? What should be done in that case?

 

parisi

This is not a NetApp issue, but an NFS client issue.

 

The way the client is configured controls what non-root users can and cannot do.

 

For instance, on my client, only root can use "-o" on mounts:

 

bash-4.2$ mount -o nfsvers=3 demo:/home /mnt/home
mount: only root can use "--options" option

 

I can sudo, but if I'm not in the sudoers file, I'm not allowed mount commands:
bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for git:
git is not in the sudoers file. This incident will be reported.

 

When I add the user to the sudoers file, it can mount:

 

bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home
[sudo] password for git:

demo:/home on /mnt/home type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.193.67.237,mountvers=3,mountport=635,mountproto=udp,local_lock=none,addr=10.193.67.237)

 

You could also leverage the automounter files to remove the need for users to be in sudoers, where the mount occurs when they cd to the mountpoint. 

 

https://linux.die.net/man/8/automount

What you said could be right, but what if the user doesn't have sudo or root access has not been given to the user? Does name mapping work here? If yes, then how could I do that?

 

This is an NFS client issue; you can't mount as a non-root user without making some changes to the client or using automounter.
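
The two client-side changes mentioned in the thread, as an added example that is not part of any poster's reply: an autofs direct map and an fstab `user` entry for the `demo:/home` export and `/mnt/home` mount point shown above. The map file names, the timeout value and the `nosuid,nodev` options are assumptions added here.

```conf
# --- Option A: autofs direct map (mounts on first access, no sudo) ---
# File: /etc/auto.master.d/nfs.autofs   (name is an assumption; files in
# auto.master.d must end in .autofs to be read)
/-  /etc/auto.direct  --timeout=300

# File: /etc/auto.direct                (name is an assumption)
# key (absolute mount point)   options                          location
/mnt/home  -fstype=nfs,nfsvers=3,nosuid,nodev  demo:/home

# A non-root user then triggers the mount simply by entering the path:
#   cd /mnt/home
# The automount daemon (running as root) performs the mount, so the
# user needs no sudoers entry and cannot choose the mount options.

# --- Option B: /etc/fstab entry that ordinary users may mount ---
# "noauto" keeps it from mounting at boot; "user" lets any user run
# "mount /mnt/home" (without -o). Per mount(8), "user" also implies
# noexec, nosuid and nodev unless explicitly overridden.
demo:/home  /mnt/home  nfs  nfsvers=3,noauto,user  0 0

# Option B depends on the mount.nfs helper being installed setuid root;
# whether it is varies by distribution.
```

In both cases root defines the server, export and options once, and the non-root user can only trigger that predefined mount.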
