javeree Guru
Joined: 29 Jan 2006 Posts: 453
Posted: Fri Mar 06, 2020 6:14 pm Post subject: permission issue using nfsv4
Background:
I wanted to run a dovecot server on nfsclient, and export the mail spool as '/mnt/mail' via nfsv4.
User 'jan' has uid 1002 on nfsclient and uid 1000 on nfsserver, so my first attempt resulted in /mnt/mail/jan/* being owned by another user who happened to have uid 1000 on the nfs server.
=> I ran idmapd on both nfsclient and nfsserver, restarted the server and remounted the share.
As user jan, I get for "ls -ld /mnt/mail/jan /mnt/mail/jan/*"
Quote:
ls: cannot access '/mnt/mail/jan/*': Permission denied
drwx------ 300 jan root 20480 Mar 6 18:12 /mnt/mail/jan
Still, I see that files /mnt/mail/jan/* are owned by user jan:
Now running as root on nfsclient: ls -ld /mnt/mail/jan /mnt/mail/jan/* (I get the exact same output when I run this on nfsserver)
Quote:
drwx------ 300 jan root 20480 Mar 6 18:12 /mnt/mail/jan
drwx------ 2 jan root 290816 Mar 6 18:11 /mnt/mail/jan/cur
-rw------- 1 jan users 21160 Mar 6 18:09 /mnt/mail/jan/dovecot.index
-rw------- 1 jan users 165288 Mar 6 18:11 /mnt/mail/jan/dovecot.index.cache
-rw------- 1 jan users 12544 Mar 6 18:12 /mnt/mail/jan/dovecot.index.log
-rw------- 1 jan users 32832 Mar 5 19:34 /mnt/mail/jan/dovecot.index.log.2
-rw------- 1 jan users 14677 Mar 29 2014 /mnt/mail/jan/dovecot.index.thread
-rw------- 1 jan users 71 May 30 2019 /mnt/mail/jan/dovecot-keywords
-rw------- 1 jan users 32232 Mar 4 12:31 /mnt/mail/jan/dovecot.list.index
-rw------- 1 jan users 5312 Mar 6 18:11 /mnt/mail/jan/dovecot.list.index.log
-rw------- 1 jan users 3864 Feb 28 09:59 /mnt/mail/jan/dovecot.mailbox.log
-rw------- 1 jan users 4104 Nov 12 2017 /mnt/mail/jan/dovecot.mailbox.log.2
-rw------- 1 jan users 73324 Mar 6 17:56 /mnt/mail/jan/dovecot-uidlist
-rw------- 1 jan users 8 Feb 27 21:53 /mnt/mail/jan/dovecot-uidvalidity
-rw------- 1 jan users 0 Aug 4 2010 /mnt/mail/jan/dovecot-uidvalidity.4c589e62
-r--r--r-- 1 jan users 0 Oct 24 2012 /mnt/mail/jan/dovecot-uidvalidity.50881400
drwx------ 2 jan root 73728 Mar 6 17:56 /mnt/mail/jan/new
-rw------- 1 jan users 6568 Feb 28 09:59 /mnt/mail/jan/subscriptions
drwx------ 2 jan root 69632 Mar 6 17:56 /mnt/mail/jan/tmp
I got some extra information from dovecot running on nfsclient. I can start dovecot alright, but when I try to read my inbox, I get the following in dovecot log:
Quote:
Mar 06 18:26:11 [dovecot] imap-login: Login: user=<jan>, method=PLAIN, rip=192.168.1.20, lip=192.168.4.58, mpid=24281, TLS, session=<L3wE8zKgwJDAqAEU>
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: stat(/mnt/mail/jan/subscriptions) failed: Permission denied
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: open(/mnt/mail/jan/dovecot.list.index.log) failed: Permission denied (euid=1000(jan) egid=1000(jan) missing +x perm: /mnt/mail/jan, UNIX perms appear ok (ACL/MAC wrong?))
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: opendir(/mnt/mail/jan) failed: Permission denied (euid=1000(jan) egid=1000(jan) missing +r perm: /mnt/mail/jan, UNIX perms appear ok (ACL/MAC wrong?), dir owned by 0:100 mode=0750)
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: Couldn't create mailbox list lock /mnt/mail/jan/mailboxes.lock: file_create_locked(/mnt/mail/jan/mailboxes.lock) failed: open(/mnt/mail/jan/mailboxes.lock) failed: Permission denied
Mar 06 18:26:11 [dovecot] imap(jan)<24281><L3wE8zKgwJDAqAEU>: Error: stat(/mnt/mail/jan/tmp) failed: Permission denied (euid=1000(jan) egid=1000(jan) missing +x perm: /mnt/mail/jan, UNIX perms appear ok (ACL/MAC wrong?))
The key here seems to be that somehow /mnt/mail/jan/ is owned by root:users instead of jan:root as the ls command thinks.
But here I am stuck. What could cause this 'incorrect' ownership?
FYI, here is more info related to this mount:
/etc/fstab on nfsclient:
Quote:
nfsserver:/mnt/mail /mnt/mail nfs _netdev,noauto,noatime,hard,intr,vers=4 0 0
exportfs -av | grep mail on nfsserver:
Quote:
exporting 192.168.4.0/255.255.127.0:/export/mnt/mail
/etc/fstab on nfsserver:
Quote:
/mnt/hd/3da8d1d7-b223-41e2-866b-7904ef021e7f/mail /export/mnt/mail none defaults,bind,noexec 0 0