| View previous topic :: View next topic |
| Author |
Message |
grunthus
Apprentice
Joined: 21 Apr 2005
Posts: 194
Location: Shetland UK
|
 Posted: Mon Nov 24, 2008 4:08 pm Post subject: SOLVED: NFS share mounted rw OK, Permission denied writing |
 |
|
Hi,
I have 12 gentoo boxes on a LAN using /home mounted via NFS. 1 of the boxes is being a right pain in the derriere. All other 11 boxes mount rw and allow rw in practice. One client (fladdicap) reports mount as rw but in practice behaves as read only, giving Permission Denied on any write attempt.
The client mounting via NFS with a problem is hostname fladdicap.
The NFS server is hostname mooa.
Client fladdicap's fstab line:
| Code: |
mooa:/home /home nfs rw,hard,intr 0 0 |
| Code: |
* net-fs/nfs-utils
Latest version available: 1.1.3
Latest version installed: 1.1.3
|
| Code: | fladdicap ~ # uname -a
Linux fladdicap 2.6.22-gentoo-r9 #4 SMP Tue Feb 26 23:01:47 UTC 2008 i686 AMD Athlon(tm) AuthenticAMD GNU/Linux |
| Code: | fladdicap ~ # grep NFS /usr/src/linux/.config
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
# CONFIG_NFS_V3_ACL is not set
# CONFIG_NFS_V4 is not set
# CONFIG_NFS_DIRECTIO is not set
CONFIG_NFSD=y
CONFIG_NFSD_V3=y
# CONFIG_NFSD_V3_ACL is not set
# CONFIG_NFSD_V4 is not set
CONFIG_NFSD_TCP=y
CONFIG_ROOT_NFS=y
CONFIG_NFS_COMMON=y
|
NFSv3 Server (mooa)'s /etc/exports
| Code: | mooa ~ # cat /etc/exports
# /etc/exports: NFS file systems being exported. See exports(5).
/home 192.168.1.0/255.255.255.0(rw,sync,no_subtree_check) |
| Code: | mooa ~ # grep NFS /usr/src/linux/.config
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
# CONFIG_NFS_V3_ACL is not set
# CONFIG_NFS_V4 is not set
# CONFIG_NFS_DIRECTIO is not set
CONFIG_NFSD=y
CONFIG_NFSD_V3=y
# CONFIG_NFSD_V3_ACL is not set
# CONFIG_NFSD_V4 is not set
CONFIG_NFSD_TCP=y
CONFIG_ROOT_NFS=y
CONFIG_NFS_COMMON=y
|
| Code: | mooa ~ # uname -a
Linux mooa 2.6.22-gentoo-r9 #3 SMP Thu Jan 31 09:24:36 UTC 2008 i686 Celeron (Mendocino) GenuineIntel GNU/Linux
|
| Code: | * net-fs/nfs-utils
Latest version available: 1.1.0-r1
Latest version installed: 1.1.0-r1 |
Hope anyone can suggest some things to try, since all other 11 boxes seem to do just fine!!!
As a start, I'd like to turn up logging, not sure how. I tried looking at init scripts for nfs, but no logging data yet.
Thanks
_________________
Read 'Free Software - Free Society' by RM Stallman
Last edited by grunthus on Sat Feb 21, 2009 3:35 pm; edited 1 time in total |
|
| Back to top |
|
 |
shickapooka800
Guru
Joined: 05 Dec 2004
Posts: 304
Location: no
|
| Posted: Mon Nov 24, 2008 4:24 pm Post subject: |
|
|
when you ls -al the directories on the client, do they have the same permissions as on other clients and the server?
just as a sanity check, you could make an empty test directory and experiment with different permissions (777, 755, 775 etc...) and mount it on the troubled client. this will make sure that nfs is working properly.
if all goes well, maybe it is a userid,groupid mangleing problem? how are users and groups managed across these machines? how are the userid's and groupid's different on the troubled machine? |
|
| Back to top |
|
|
krinn
Watchman
Joined: 02 May 2003
Posts: 7470
|
| Posted: Mon Nov 24, 2008 7:44 pm Post subject: |
|
|
| also try <ls /var/lib/nfs/rpc_pipefs> on client computer that doesn't work |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23088
|
| Posted: Tue Nov 25, 2008 3:54 am Post subject: |
|
|
| You would get Read-only file system if it was a read-only mount. Either you have a userid mapping problem or, if you are using root, you have root squashing turned on and root on the client is being mapped to nobody on the server. Thus, root can only write to a file if nobody can write to that file. |
|
| Back to top |
|
|
grunthus
Apprentice
Joined: 21 Apr 2005
Posts: 194
Location: Shetland UK
|
| Posted: Tue Nov 25, 2008 3:28 pm Post subject: |
|
|
| Code: | fladdicap ~ # ls /var/lib/nfs/rpc_pipefs -al
total 8
drwxr-xr-x 2 root root 4096 Nov 24 11:47 .
drwxr-xr-x 7 root root 4096 Nov 24 22:55 .. |
Clients, including the dodgy client all have the same permissions and ownership.
First sign of narrowing this down, per shickapooka800's advice, I made a /home/test directory, chmod 777. All users on the client can then write to this directory. I'm using NIS for passwd maps.
If the /home/test directory is chmod 775 and chown bob:bob then bob can no longer write to it. So looks like a uid mapping problem as Hu indicates?
How would I proceed with investigating that?
Thanks!
_________________
Read 'Free Software - Free Society' by RM Stallman |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23088
|
| Posted: Wed Nov 26, 2008 3:51 am Post subject: |
|
|
Yes, that sounds like a uid mapping problem. What is the output of id bob on the server and the output of id in the shell that tried to touch a file in /home/test?
Also, note that root squashing is enabled by default, and your exports line does not disable it. |
|
| Back to top |
|
|
sleepless9
n00b
Joined: 27 Aug 2008
Posts: 5
|
| Posted: Fri Nov 28, 2008 12:44 am Post subject: |
|
|
I had the same problem a few weeks ago.. Mounting ok, listing files ok, but permission denied on writing. And the day before that everything worked fine.
I spent a day to double-check my configuration and the UIDs again, just to find out in the end that I had different versions of nfs-utils (and/or) portmap between the server and the client.. Probably an upgrade screwed something up. Emerging the latest version of portmap and nfs-utils in both machines solved it for me. Remember to shut portmap down before emerging. After the update I remember getting strange errors while trying to mount, and the problem was an rpc.statd running from the previous version that was not killed from init.d. |
|
| Back to top |
|
|
grunthus
Apprentice
Joined: 21 Apr 2005
Posts: 194
Location: Shetland UK
|
| Posted: Sat Feb 21, 2009 3:34 pm Post subject: |
|
|
Since I don't want to tinker with my NFS server just yet I just downgraded my client boxes net-fs/nfs-utils to version 1.1.0-r1 (upgrade to 1.1.3 seemed to break rw access to mounted filesystems over NFS)
(I'm building a replacement NFS/ypbind server for one which has not been upgraded for several years, 2.4 kernel, Pentium2 350MHz - so I'm just not going near upgrading it. Strange how one develops a sense of attachment to a venerable old box, which has served my network for years 24/7 with no complaints)
_________________
Read 'Free Software - Free Society' by RM Stallman |
|
| Back to top |
|
|
rfabbri
n00b
Joined: 02 Apr 2009
Posts: 2
|
| Posted: Thu Apr 02, 2009 2:51 am Post subject: Same here, but downgrade missing |
|
|
| grunthus wrote: | Since I don't want to tinker with my NFS server just yet I just downgraded my client boxes net-fs/nfs-utils to version 1.1.0-r1 (upgrade to 1.1.3 seemed to break rw access to mounted filesystems over NFS)
|
I experienced the exact same problem, gave me headaches for a week. I should have quickly searched this forum before starting a quest to read so much background material for nothing. Both my workstation and laptop are NIS/NFS clients running Gentoo with the exact same config, but from the laptop where nfs-utils is older the id mapping works, but from the workstation it doesn't. The problem is that I couldn't find an ebuild for nfs-utils 1.1.0-r1. The oldest I could get was 1.1.3 which still causes the same problem as mentioned by grunthus.
Here is a very dirty temporary solution:
| Code: | emerge --unmerge libnfsidmap nfs-utils
emerge librpcsecgss
emerge =libnfsidmap-0.19
emerge =nfs-utils-1.1.3
|
The last line is part of this dark trick of fooling gentoo into thinking that nfs-utils is installed.
Download nfs-utils 1.1.0-r1 from https://sourceforge.net/project/showfiles.php?group_id=14&package_id=174 and compile it from source.
| Code: | ./configure --enable-gss=no
make && make install
/etc/init.d/portmap restart
|
You should not get the message "ERROR: Some services needed are missing" if you followed the above steps literally.
Now mount your nfs shares as usual, e.g. mount -a. |
|
| Back to top |
|
|
|
Networking & Security
