Hello Christopher, 

that's a nice explanation. I thought only the contents _under_ 
.../nfs-mounted/ would be server-side, not the mount-point itself. Well you 
always learn more. no_root_squash is not an option, I will have a look as 
how to manage that properly on our server side.

Mainly I just want to have the directory to have the correct permission 
when it is not currently mounted.


Thanks & greetings, 
Axel. 

Am Mittwoch, 1. August 2012 00:24:21 UTC+2 schrieb Christopher Wood:
>
> (inline) 
>
> On Tue, Jul 31, 2012 at 05:23:00AM -0700, Axel Bock wrote: 
> >    Hi group, 
> > 
> >    I am managing an NFS mount with puppet. And it does not work, and 
> >    seriously I really don't see how this can work out nicely. First I 
> make 
> >    sure with a file {} class that the directory I want to mount exists. 
> Cause 
> >    it is used by the webserver it should belong to the wwwrun/www group 
> on 
> >    the system. No prob. 
>
> This is changing the directory inode on the nfs client. 
>
> >    Then I mount the NFS share on the dir. No prob. 
>
> Now the inode that your nfs client sees is on the nfs server. It is not 
> the same inode that you just managed with puppet. 
>
> (I say inode, but depending on the nfs server it may not be a unix 
> filesystem behind it.) 
>
> >    On the 2nd run of puppet though ... Error! The NFS mount point is 
> >    "changed" over to root:root with 775 permissions (or 777? I don't 
> >    remember). Puppet of course now wants to set the user:group of the 
> dir ... 
> >    and naturally fails. 
>
> This is dependent on your nfs server settings. You likely have root_squash 
> set by default (see 'man exportfs'), so any activity as the root user on 
> the nfs client is mapped to a "nobody" or "nfsnobody" (uid 65535 or 
> similar) on the nfs server. Check /etc/exports on the nfs server. 
>
> >    So is there a way to keep this error from happening? 
>
> You can set no_root_squash on the export and run 'exportfs -a' on the nfs 
> server. Then you might have to remount on the client end. 
>
> The broader issue is whether you should manage file permissions on the nfs 
> client or the nfs server. I haven't decided myself, but if you do it on the 
> server you won't have to reduce security by running no_root_squash. The 
> mount will also arrive with the correct permissions. 
>
> >    Thanks in advance & greetings, 
> >    Axel. 
> > 
> >    -- 
> >    You received this message because you are subscribed to the Google 
> Groups 
> >    "Puppet Users" group. 
> >    To view this discussion on the web visit 
> >    [1]https://groups.google.com/d/msg/puppet-users/-/tw1oa58dRhoJ. 
> >    To post to this group, send email to puppet-users@googlegroups.com. 
> >    To unsubscribe from this group, send email to 
> >    puppet-users+unsubscr...@googlegroups.com. 
> >    For more options, visit this group at 
> >    http://groups.google.com/group/puppet-users?hl=en. 
> > 
> > References 
> > 
> >    Visible links 
> >    1. https://groups.google.com/d/msg/puppet-users/-/tw1oa58dRhoJ 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Zv1eyP-mRrQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to