Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 444
  • Last Modified:

NFS denying access to root

Despite specifying no_root_squash, root most definitely is getting squashed. This makes it difficult when i need to access the share as root (e.g. with Clonezilla).

Access denied to tree /bk. /etc/exports is
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync) hostname2(ro,sync)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt)
# /srv/nfs4/homes  gss/krb5i(rw,sync)
#
#/		192.168.1.0/24(rw,sync,crossmnt)
/		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
/bk		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
#/bk		192.168.1.0/24(rw,sync,crossmnt)
/mnt/mp3	192.168.1.0/24(rw,sync,crossmnt)

Open in new window

0
CEHJ
Asked:
CEHJ
  • 6
  • 3
2 Solutions
 
arnoldCommented:
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want. Or limit the systems from which these NFS partitions can be accessed as root.
Squashing and not squashing means one thing.  Granting root access is another setting.
0
 
CEHJAuthor Commented:
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want.
Sorry - not quite with you there. Do you mean in /etc/exports? If so, could you show me how the file should look?
0
 
arnoldCommented:
At the end of each of the lines 12,13

,root=192.168.1.0/24 (rw)

Then run exportfs -a to have the change applied.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
CEHJAuthor Commented:
exportfs: /etc/exports:1: syntax error: bad option list

shell returned 22

Open in new window

0
 
arnoldCommented:
what linux are you using?
Do you have Selinux enabled?
sestatus

Usually, you do not want to nfs share the root (/)

what error are you getting when mounting or trying to access?
0
 
CEHJAuthor Commented:
I don't think so. No sestatus command available to root, though there are seemingly 'remnants' e.g.

/lib/libselinux.so.1

what error are you getting when mounting or trying to access?

goose@vaio:/tmp$ sudo ll h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz
ls: cannot access h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz: Permission denied

Open in new window

0
 
CEHJAuthor Commented:
I' m wondering if it might be because the principal (not root) user has got a sshfs mount at the same time (PKI only). Going to test that
0
 
CEHJAuthor Commented:
Brainstorm i'm afraid. I didn't even have it mounted via nfs at all - only sshfs! That's why root (no PKI) couldn't access anything
0
 
CEHJAuthor Commented:
Thanks for the help
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now