NFS denying access to root

CEHJ
CEHJ used Ask the Experts™
on
Despite specifying no_root_squash, root most definitely is getting squashed. This makes it difficult when i need to access the share as root (e.g. with Clonezilla).

Access denied to tree /bk. /etc/exports is
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync) hostname2(ro,sync)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt)
# /srv/nfs4/homes  gss/krb5i(rw,sync)
#
#/		192.168.1.0/24(rw,sync,crossmnt)
/		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
/bk		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
#/bk		192.168.1.0/24(rw,sync,crossmnt)
/mnt/mp3	192.168.1.0/24(rw,sync,crossmnt)

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solutions Only
arnold
Distinguished Expert 2017

Commented:
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want. Or limit the systems from which these NFS partitions can be accessed as root.
Squashing and not squashing means one thing.  Granting root access is another setting.
CEHJ
Top Expert 2016

Author

Commented:
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want.
Sorry - not quite with you there. Do you mean in /etc/exports? If so, could you show me how the file should look?
arnold
Distinguished Expert 2017

Commented:
At the end of each of the lines 12,13

,root=192.168.1.0/24 (rw)

Then run exportfs -a to have the change applied.
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Learn More!
CEHJ
Top Expert 2016

Author

Commented: 
exportfs: /etc/exports:1: syntax error: bad option list

shell returned 22

Open in new window

Distinguished Expert 2017
Commented:
what linux are you using?
Do you have Selinux enabled?
sestatus

Usually, you do not want to nfs share the root (/)

what error are you getting when mounting or trying to access?
CEHJ
Top Expert 2016

Author

Commented:
I don't think so. No sestatus command available to root, though there are seemingly 'remnants' e.g.

/lib/libselinux.so.1

what error are you getting when mounting or trying to access? 

goose@vaio:/tmp$ sudo ll h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz
ls: cannot access h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz: Permission denied

Open in new window

CEHJ
Top Expert 2016

Author

Commented:
I' m wondering if it might be because the principal (not root) user has got a sshfs mount at the same time (PKI only). Going to test that
CEHJ
Top Expert 2016
Commented:
Brainstorm i'm afraid. I didn't even have it mounted via nfs at all - only sshfs! That's why root (no PKI) couldn't access anything
CEHJ
Top Expert 2016

Author

Commented:
Thanks for the help

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial