How do I copy files to a NFS mount directory and also preserve the group and user ownership of the files?

Hi,

I am in the process of transferring files from a systems local directory to a NFS mount directory on that same system.  In the process of copying the files from the old directory to the NFS mount directory, I receive several messages of "cp: failed to preserve ownership for <file name> : Not owner" .  The previous user and group owners have now changed to nobody4 and nogroup in the NFS mount directory.  Please assist on the command that I should have used to prevent this from happening?  Is there something that I should configure on the NAS system (NetApp)?  If there so, please provide a solution.  I really appreciate your help.
gsalcedoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian UtterbackPrinciple Software EngineerCommented:
You need to run the command as root with the "-p" option to cp. In addition, you need to have root access to the NFS mount, which is doesn't sound like you have. In that case, you need to run the cp command from the account of the user that owns those files. You can use the su command to become the user and then run the cp command.  When the root user on a system is not set as a trusted root account, you usually find that the files that root creates on the NFS volume end up owned as "nobody"
0
gsalcedoAuthor Commented:
Hi blu,

When I copy the files, I did it as root.  The command that I used was cp -pr <file name> <NFS mount directory>.  Even as root, I still receive the "cp: failed to preserve ownership for <file name> : Not owner" errors.  Is there some options that I am supposed select on the NAS system's NFS export volume, such as Actual Path, Anonymous User ID, Root Access and more?
0
Brian UtterbackPrinciple Software EngineerCommented:
Correct. The key thing is the "root access". Without root access, the remote root user is treated as an ordinary user, namely the "nobody" user. That means that the attempts to change the owner of the file failed and the file owner was left as "nobody". If you set root access for the remote system, then the root user will be treated as root and not as nobody, and the attempts to chnage the ownership will succeed.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

peter991Commented:
How does your /etc/dfs/dfstab look on the receiving node?
0
gsalcedoAuthor Commented:
Hi Everyone,

The problem was not the options that I indicated with the "cp" command, but the options that I selected on the NFS server (NetApp).  One of the options that I had to select was "Anonymous user."   After selecting that option and then running the same "cp" command with the "-pr" options, the copy of the files with the right ownership worked just fine.  Thank you very much for your advices.
0
Brian UtterbackPrinciple Software EngineerCommented:
You apparently have set anonymous user to root. This is a common solution and has a similar effect as setting the root user as trusted. However, the security ramifications are huge. You should never set the anonymous user to 0 or root.  Consider what is happening:

The reason that root is not trusted by default is that this makes the access of the files on the server dependent on the trustworthiness of the client. Root has special privs, and the server relies on the client to specify the user of all operations. If the client is malicious, then it is trivial to access all files on the server as root, if the root user on the client is trusted by default.

So, the default is to set accesses by root on the client to be treated as if there are access by an anonymous users, usually nobody. Thus root on the client will only have the accesses that any user on the server would have, preventing root from accessing anything other than world readable files.

When you set anonymous user to 0, you are reversing the effect of the mapping. Root gets mapped to the anonymous user, and the anonymous user gets mapped back to root. So, this solved your problem, root gets root access on the server.

But consider, you have given root access to all clients, including untrusted ones. You have also now given root access to clients that have unauthenticated users. So, for some kind of clients that do not provide authentication (some PC clients, for instance), users using those clients will get root access to the servers, by *default*.

The correct mechanism is the one I described, namely to set the export options to trust the client the root access from individual clients, not to map the anonymous user to 0.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SaranyakkaliCommented:
1. Make your nfs mount as read write

share -F nfs -o rw,anon=0  /mount

mount it in local as mounttest

copy all files from mount1 to mounttest

cd /mount1; tar cvfp - . | (cd /mounttest; tar xvfp -)

that's all
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.