Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

NFS denying access to root

Posted on 2014-04-08
9
Medium Priority
?
443 Views
Last Modified: 2014-04-13
Despite specifying no_root_squash, root most definitely is getting squashed. This makes it difficult when i need to access the share as root (e.g. with Clonezilla).

Access denied to tree /bk. /etc/exports is
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync) hostname2(ro,sync)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt)
# /srv/nfs4/homes  gss/krb5i(rw,sync)
#
#/		192.168.1.0/24(rw,sync,crossmnt)
/		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
/bk		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
#/bk		192.168.1.0/24(rw,sync,crossmnt)
/mnt/mp3	192.168.1.0/24(rw,sync,crossmnt)

Open in new window

0
Comment
Question by:CEHJ
  • 6
  • 3
9 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 39986488
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want. Or limit the systems from which these NFS partitions can be accessed as root.
Squashing and not squashing means one thing.  Granting root access is another setting.
0
 
LVL 86

Author Comment

by:CEHJ
ID: 39986615
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want.
Sorry - not quite with you there. Do you mean in /etc/exports? If so, could you show me how the file should look?
0
 
LVL 80

Expert Comment

by:arnold
ID: 39986628
At the end of each of the lines 12,13

,root=192.168.1.0/24 (rw)

Then run exportfs -a to have the change applied.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 86

Author Comment

by:CEHJ
ID: 39986670
exportfs: /etc/exports:1: syntax error: bad option list

shell returned 22

Open in new window

0
 
LVL 80

Accepted Solution

by:
arnold earned 750 total points
ID: 39986741
what linux are you using?
Do you have Selinux enabled?
sestatus

Usually, you do not want to nfs share the root (/)

what error are you getting when mounting or trying to access?
0
 
LVL 86

Author Comment

by:CEHJ
ID: 39986817
I don't think so. No sestatus command available to root, though there are seemingly 'remnants' e.g.

/lib/libselinux.so.1

what error are you getting when mounting or trying to access?

goose@vaio:/tmp$ sudo ll h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz
ls: cannot access h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz: Permission denied

Open in new window

0
 
LVL 86

Author Comment

by:CEHJ
ID: 39987001
I' m wondering if it might be because the principal (not root) user has got a sshfs mount at the same time (PKI only). Going to test that
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 0 total points
ID: 39987031
Brainstorm i'm afraid. I didn't even have it mounted via nfs at all - only sshfs! That's why root (no PKI) couldn't access anything
0
 
LVL 86

Author Closing Comment

by:CEHJ
ID: 39997146
Thanks for the help
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month10 days, 11 hours left to enroll

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question