Peter,

Here is where I am at right now.

I can obviously read/write when using anon=0. That for sure works.
But you pointed out it is also a security risk.

NFS-Server# zfs get sharenfs backup
NAME    PROPERTY  VALUE                                 SOURCE
backup  sharenfs  rw=x.x.x.x,root=x.x.x.x,nosuid  local
#

This is how I have it set up using the direct setting. I'm actually using the IP
address, and that makes no difference because I'm bypassing DNS services by
doing that. This is what I get on the client below:

# mount -F nfs NFS-SERVER:/backup /nfs/backup
nfs mount: NFS-SERVER:/backup: Permission denied

NFS-SERVER# id
uid=0(root) gid=0(root)

# cat /etc/passwd | grep root
root:x:0:0:Super-User:/:/sbin/sh


CLIENT# id
uid=0(root) gid=0(root)

# cat /etc/passwd | grep root
root:x:0:0:Super-User:/:/usr/bin/bash

As you can see, the only difference is the client is using bash for its shell
while the other uses sh.
As I have mentioned before, UID and GUID is not the issue.

The only thing I have come up with is that there are 2 NFS patches that need
updating. They are patch IDs 122300 and 117179, and I will see if that fixes my
issue. The others seem to be up to date.

I guess this is as good a time as any to learn dtrace. Any suggestions on a
dtrace script to use to try to see what is going on?

Phillip


________________________________________
From: Phillip Bruce (Mindsource)
Sent: Saturday, August 14, 2010 2:29 PM
To: Peter Karlsson
Cc: zfs-discuss@opensolaris.org
Subject: RE: [zfs-discuss] NFS issue with ZFS

Peter,

Thanks for the suggestions, I'm getting closer to solving the problem.
It definitely works when using the anon setting. I can read / write to the
filesystem all day long. But as you mentioned, using anon is a bad idea and a
security risk. Something I would get my hand slapped for, keeping this in that
configuration.

I tried setting directly as root but I keep getting permission denied.
I will try this as oracle user and see if I get same thing.

Doesn't make sense, as I'm using a Linux (CentOS) client right now and getting
the same thing.

Phillip
________________________________________
From: Peter Karlsson [peter.k.karls...@oracle.com]
Sent: Friday, August 13, 2010 9:21 PM
To: Phillip Bruce (Mindsource)
Cc: zfs-discuss@opensolaris.org
Subject: Re: [zfs-discuss] NFS issue with ZFS

On 8/14/10 11:49 , Phillip Bruce (Mindsource) wrote:
> Peter,
>
> what would you expect for root?
> That is the user I am at.

root is by default mapped to anon, if you don't specifically export it
with the option to allow root on one or more clients to be mapped to
local root on the server.

zfs set sharenfs=rw,root=host zpool/fs/to/export

where host is a ':' separated list of hosts.

Alternatively, if you want root from any host to be mapped to root on
the server (bad idea), you can do something like this

zfs set sharenfs=rw,anon=0 zpool/fs/to/export

to allow root access to all hosts.

/peter

> Like I already stated it is NOT a UID or GUID issue.
> Both systems are the same.

Try as a different user that has the same uid on both systems and has
write access to the directory in question.

>
> Phillip
> ________________________________________
> From: Peter Karlsson [peter.k.karls...@oracle.com]
> Sent: Friday, August 13, 2010 7:23 PM
> To: zfs-discuss@opensolaris.org; Phillip Bruce (Mindsource)
> Subject: Re: [zfs-discuss] NFS issue with ZFS
>
> Hi Phillip,
>
> What are the permissions on the directory where you try to write to, and
> what user are you using on the client system, it's most likely a UID
> mapping issue between the client and the server.
>
> /peter
>
> On 8/14/10 3:19 , Phillip Bruce wrote:
>> I have Solaris 10 U7 that is exporting a ZFS filesystem.
>> The client is Solaris 9 U7.
>>
>> I can mount the filesystem just fine but I am unable to write to it.
>> showmount -e shows my mount is set for everyone.
>> the dfstab file has option rw set.
>>
>> So what gives?
>>
>> Phillip
>
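
The share settings discussed in this thread, as an added example that is not part of any message above: a shell function that reads `zfs get -H -o name,value sharenfs` output and flags `anon=0` and `rw` without a host list. The function names, dataset names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sharenfs values for the options discussed in the thread.
# Input: one "<dataset><TAB><sharenfs value>" line per dataset, which is what
#   zfs get -H -o name,value sharenfs
# prints on a ZFS host.

# Constructed sample input (dataset names and addresses are made up).
sample_shares() {
    printf 'backup\trw=192.0.2.10,root=192.0.2.10,nosuid\n'
    printf 'tank/scratch\trw,anon=0\n'
    printf 'tank/home\ton\n'
    printf 'tank/private\toff\n'
}

# Prints "<dataset><TAB><verdict><TAB><detail>" for every shared dataset.
audit_sharenfs() {
    awk -F '\t' '
        $2 == "off" || $2 == "-" { next }    # not shared over NFS
        {
            anon0 = 0
            open_rw = ($2 == "on")           # "on" shares with default options: rw to all hosts
            n = split($2, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "anon=0") anon0 = 1     # unmapped users become uid 0
                if (opt[i] == "rw")     open_rw = 1   # rw with no "=host:host" list
            }
            if (anon0)
                print $1 "\tRISK\tanon=0: unmapped users, including client root, act as uid 0"
            if (open_rw)
                print $1 "\tWARN\trw is not limited to a host list"
            if (!anon0 && !open_rw)
                print $1 "\tOK\t" $2
        }'
}

# Stand-alone run over the constructed sample.
# On a ZFS host: zfs get -H -o name,value sharenfs | audit_sharenfs
sample_shares | audit_sharenfs
```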

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
