Solved

Can't mount remote share: "failed: permission denied"

Posted on 2004-10-24
503 Views
Last Modified: 2008-01-09
Hi,

The following command fails:

mount -t nfs 192.168.0.200:/ /mnt/test

It gives the following failure command:

mount: 192.168.0.200:/ failed, reason given by server: permission denied.

Background:

1. On the machine with the IP address 192.168.0.200, it has daemons /usr/sbin/rpc.nfsd and /usr/sbin/rpc.mountd running.
2. /etc/exports is ok, it is:
/           *(rw,no_root_squash)
0
Question by:Risky101
    23 Comments
     
    LVL 2

    Expert Comment

    by:hoonexpert
    Are you sure you want to mount the / (root partition).

    Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.

    Hope it helps

    Manish.
    Baroda.
    India.
    0
     
    LVL 5

    Expert Comment

    by:paranoidcookie
    Firslty I hope you are doing this on a private network nfs is horribly flawed when it comes to security especially if you allow remote root.
    Check the /etc/hosts.allow and /etc/host.deny files to see if anything in there is blocking you.

    Does /mnt/test exist?

    Are the root passwords the same on both boxes? and it not are you authenticating to the remote box with the correct password.
    0
     
    LVL 38

    Expert Comment

    by:wesly_chen
    Hi,

       Please check the permission on /. Is it 644. And restart nfsd:
    # exportfs -a
    # service nfs restart

       "no_root_squash" has allowed all root previlege.

    Regards,

    Wesly
    0
     

    Author Comment

    by:Risky101
    > Are you sure you want to mount the / (root partition).
    >
    > Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.

    There is no iptables utility on the embedded linux box.
    0
     

    Author Comment

    by:Risky101
    > Please check the permission on /. Is it 644. And restart nfsd:
    > # exportfs -a
    > # service nfs restart

    Tried that - same error.
    0
     

    Author Comment

    by:Risky101
    > Firslty I hope you are doing this on a private network nfs is horribly flawed
    > when it comes to security especially if you allow remote root.

    Yes, private network, for development only.

    > Check the /etc/hosts.allow and /etc/host.deny files to see if anything in there is blocking you.

    There is no /etc/hosts.deny, /etc/hosts.allow has the line:
    ALL:ALL

    > Does /mnt/test exist?

    Yes.

    > Are the root passwords the same on both boxes? and it not are you authenticating to the remote > box with the correct password.

    No, the root passwords are different. I briefly tried changing the root password on the client to be the same as the password on the server - didnt work. How do I authenticate to the remote box with the correct password?
    0
     

    Author Comment

    by:Risky101
    > Are you sure you want to mount the / (root partition).
    >
    > Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.

    I'll restate this - there is no iptables utility on the nfs server (this is the embedded linux box).
    0
     
    LVL 38

    Expert Comment

    by:wesly_chen
    One more thing, could you check the "statd" and "lockd" are running on NFS server?

    Wesly
    0
     

    Author Comment

    by:Risky101
    No, there's not running - are these necessary?
    0
     
    LVL 38

    Expert Comment

    by:wesly_chen
    Yes, they are needed.
    Please do "service nfslock start" to turn on thes two services
    and "chkconfig --level 345 nfslock on" to make it start by boot-up.

    Wesly
    0
     

    Author Comment

    by:Risky101
    Er, are you sure that nfslock is needed? Nfslock is turned off on my Redhat 9.0 box, and it is working as a NFS server right now.

    According to "http://packages.debian.org/stable/net/nfs-user-server", "This package contains all necessary programs to make your Linux machine act as an NFS server, being an NFS daemon (rpc.nfsd), a mount daemon (rpc.mountd)."

    I am sure that there is some other explanation.
    0
     
    LVL 38

    Expert Comment

    by:wesly_chen
    OK, nslockd and statd provide file lock feature for multiple processes access the same file at the same time through NFS.
    It's more for file integration purpose to avoid multiple writing on the same file and corrupt the file.
    For me, it is necessary.

    For Debian, I'm not sure.

    Wesly
    0
     

    Author Comment

    by:Risky101
    Thanks for your feedback - I turned it off to try to make things more reliable; theres only two computers on the network and one app running on that directory so it should be ok.

    Any other clues as to why its failing?
    0
     
    LVL 2

    Expert Comment

    by:hoonexpert
    First of check what is exported by NFS Server

    #showmount –e <remote ip>

    1. for Client - Pls ping server and check if its working
    2. now # showmount –e <ip addr>

                             OR

    #showmount –e <netbios name of server>

    3. Next is to if portmapper service is working or not

    #rpcinfo –p <ip addr>

    Good Luck again.

    Manish.
    Baroda.
    India

    0
     

    Author Comment

    by:Risky101
    1. Running ping on client:

    $ ping 192.168.0.237
    $ 64 bytes from 192.168.0.237: icmp_seq=1 ttl=64 time=0.608ms

    2. Running showmount on client:

    $ showmount -e 192.168.0.237
    Export list for 192.168.0.237:
    / *

    3. Running rpcinfo on client:

    $ rpcinfo -p 192.168.0.237
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100003    2   udp   2049  nfs
        100003    2   tcp   2049  nfs
        100005    1   udp    625  mountd
        100005    2   udp    625  mountd
        100005    1   tcp    628  mountd
        100005    2   tcp    628  mountd

    4. The root password for the client and server is different. Would this stop it working? How can I authenticate across the network?
    0
     
    LVL 38

    Accepted Solution

    by:
    Hi,

       Could you change the nfs share point (/etc/exports) on the server to something other than "/"?
    Say
    /var *(rw,no_root_squash)
    to see you can mount server:/var first.

    Wesly
    0
     

    Author Comment

    by:Risky101
    > Hi,

    >    Could you change the nfs share point (/etc/exports) on the server to something other than "/"?
    > Say
    > /var *(rw,no_root_squash)
    > to see you can mount server:/var first.
    >
    > Wesly

    Same problem - permission denied.

    The root passwords on both boxes are different, but I can't figure out how to specify a different password when connecting.
    0
     
    LVL 2

    Expert Comment

    by:hoonexpert
    To whom does the IP pinged belongs to

    i mean 192.168.0.237

    regards,

    Manish.
    Baroda
    India.
    0
     

    Author Comment

    by:Risky101
    192.168.0.237 belongs to the NFS server.
    192.168.0.35 belongs to the NFS client.
    0
     

    Author Comment

    by:Risky101
    In the original post, I stated that 192.168.0.200 was the server. Either IP address for the server will do - there is two units.
    0
     
    LVL 38

    Expert Comment

    by:wesly_chen
    Do you have another Unix/Linux box in the same network?
    Could you try to mount from another Unix/Linux box?

    Wesly
    0
     

    Expert Comment

    by:squisher
    You mentioned that it is an embedded box, so maybe this does not apply but have you checked the syslog on the server for any relevant messages?
    0
     

    Author Comment

    by:Risky101
    I'm closing this, as there doesn't seem to be an answser forthcoming.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
    Want to pick and choose which updates you receive? Feel free to check out this quick video on how to manage your email notifications.
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now