[OpenIndiana-discuss] nfs permission denied

Tue, 08 May 2012 08:44:15 -0700 

Hello,

 I'm trying to setup an NFS server under oi 151. So far so good, but
there is one hurdle I'd like to overcome regarding security.

 The nfs service is running -

 root@openindiana:~# svcs -a | grep nfs | grep server
online         22:51:58 svc:/network/nfs/server:default


And I have one entry in dfstab to test this out -

root@openindiana:~# tail /etc/dfs/dfstab
# This file is reconstructed and only maintained for backward
# compatibility. Configuration lines could be lost.
#
#       share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
#       .e.g,
#       share  -F nfs  -o rw=engineering  -d "home dirs"  /export/home2
share -F nfs /tank/xen

>From what I've read the default for entries in dfstab is that the
shares will be available rw (read/write).

If I go to the client  (FreeBSD 8.2) and test, I can see the mount -

[root@LBSD2:~] #showmount -e nas
Exports list on nas:
/tank/xen                          Everyone

And.. I can mount the share -

[root@LBSD2:~] #mount nas:/tank/xen /mnt/xen

[root@LBSD2:~] #df -h /mnt/xen
Filesystem       Size    Used   Avail Capacity  Mounted on
nas:/tank/xen    1.3T     45K    1.3T     0%    /mnt/xen

However if I test my permissions on the mounted share volume (on the
client side as root) -

 [root@LBSD2:~] #touch /mnt/xen/test
touch: /mnt/xen/test: Permission denied

I get permission denied. I notice on the (oi) server, the permissions
look fine -

root@openindiana:~# ls -l /tank | grep xen
drwxr-xr-x   2 root     root           2 May  7 22:58 xen

So I tried incrementally loosening up permissions -

server : root@openindiana:~# chmod 775 /tank/xen

once again on the client:

 [root@LBSD2:~] #touch /mnt/xen/test
touch: /mnt/xen/test: Permission denied

And it doesn't work until I open up the directory on the server to world -

server: root@openindiana:~# chmod 777 /tank/xen

[root@LBSD2:~] #touch /mnt/xen/test
[root@LBSD2:~] #echo hi > /mnt/xen/test
[root@LBSD2:~] #cat /mnt/xen/test
hi

Obviously this is a situation I should correct if I can. : )

Thanks in advance and best regards,
Tim

-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Reply via email to