How do I copy files to a NFS mount directory and also preserve the group and user ownership of the files?


I am in the process of transferring files from a systems local directory to a NFS mount directory on that same system.  In the process of copying the files from the old directory to the NFS mount directory, I receive several messages of "cp: failed to preserve ownership for <file name> : Not owner" .  The previous user and group owners have now changed to nobody4 and nogroup in the NFS mount directory.  Please assist on the command that I should have used to prevent this from happening?  Is there something that I should configure on the NAS system (NetApp)?  If there so, please provide a solution.  I really appreciate your help.
Who is Participating?
Brian UtterbackConnect With a Mentor Principle Software EngineerCommented:
You apparently have set anonymous user to root. This is a common solution and has a similar effect as setting the root user as trusted. However, the security ramifications are huge. You should never set the anonymous user to 0 or root.  Consider what is happening:

The reason that root is not trusted by default is that this makes the access of the files on the server dependent on the trustworthiness of the client. Root has special privs, and the server relies on the client to specify the user of all operations. If the client is malicious, then it is trivial to access all files on the server as root, if the root user on the client is trusted by default.

So, the default is to set accesses by root on the client to be treated as if there are access by an anonymous users, usually nobody. Thus root on the client will only have the accesses that any user on the server would have, preventing root from accessing anything other than world readable files.

When you set anonymous user to 0, you are reversing the effect of the mapping. Root gets mapped to the anonymous user, and the anonymous user gets mapped back to root. So, this solved your problem, root gets root access on the server.

But consider, you have given root access to all clients, including untrusted ones. You have also now given root access to clients that have unauthenticated users. So, for some kind of clients that do not provide authentication (some PC clients, for instance), users using those clients will get root access to the servers, by *default*.

The correct mechanism is the one I described, namely to set the export options to trust the client the root access from individual clients, not to map the anonymous user to 0.
Brian UtterbackPrinciple Software EngineerCommented:
You need to run the command as root with the "-p" option to cp. In addition, you need to have root access to the NFS mount, which is doesn't sound like you have. In that case, you need to run the cp command from the account of the user that owns those files. You can use the su command to become the user and then run the cp command.  When the root user on a system is not set as a trusted root account, you usually find that the files that root creates on the NFS volume end up owned as "nobody"
gsalcedoAuthor Commented:
Hi blu,

When I copy the files, I did it as root.  The command that I used was cp -pr <file name> <NFS mount directory>.  Even as root, I still receive the "cp: failed to preserve ownership for <file name> : Not owner" errors.  Is there some options that I am supposed select on the NAS system's NFS export volume, such as Actual Path, Anonymous User ID, Root Access and more?
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Brian UtterbackPrinciple Software EngineerCommented:
Correct. The key thing is the "root access". Without root access, the remote root user is treated as an ordinary user, namely the "nobody" user. That means that the attempts to change the owner of the file failed and the file owner was left as "nobody". If you set root access for the remote system, then the root user will be treated as root and not as nobody, and the attempts to chnage the ownership will succeed.
How does your /etc/dfs/dfstab look on the receiving node?
gsalcedoAuthor Commented:
Hi Everyone,

The problem was not the options that I indicated with the "cp" command, but the options that I selected on the NFS server (NetApp).  One of the options that I had to select was "Anonymous user."   After selecting that option and then running the same "cp" command with the "-pr" options, the copy of the files with the right ownership worked just fine.  Thank you very much for your advices.
1. Make your nfs mount as read write

share -F nfs -o rw,anon=0  /mount

mount it in local as mounttest

copy all files from mount1 to mounttest

cd /mount1; tar cvfp - . | (cd /mounttest; tar xvfp -)

that's all
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.