Solved

NFS denying access to root

Posted on 2014-04-08
9
436 Views
Last Modified: 2014-04-13
Despite specifying no_root_squash, root most definitely is getting squashed. This makes it difficult when i need to access the share as root (e.g. with Clonezilla).

Access denied to tree /bk. /etc/exports is
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync) hostname2(ro,sync)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt)
# /srv/nfs4/homes  gss/krb5i(rw,sync)
#
#/		192.168.1.0/24(rw,sync,crossmnt)
/		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
/bk		192.168.1.0/24(rw,sync,no_root_squash,crossmnt)
#/bk		192.168.1.0/24(rw,sync,crossmnt)
/mnt/mp3	192.168.1.0/24(rw,sync,crossmnt)

Open in new window

0
Comment
Question by:CEHJ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 39986488
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want. Or limit the systems from which these NFS partitions can be accessed as root.
Squashing and not squashing means one thing.  Granting root access is another setting.
0
 
LVL 86

Author Comment

by:CEHJ
ID: 39986615
You need to add root=192.168.1.0/24 (rw) to the line of the NFS share you want.
Sorry - not quite with you there. Do you mean in /etc/exports? If so, could you show me how the file should look?
0
 
LVL 78

Expert Comment

by:arnold
ID: 39986628
At the end of each of the lines 12,13

,root=192.168.1.0/24 (rw)

Then run exportfs -a to have the change applied.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Author Comment

by:CEHJ
ID: 39986670
exportfs: /etc/exports:1: syntax error: bad option list

shell returned 22

Open in new window

0
 
LVL 78

Accepted Solution

by:
arnold earned 250 total points
ID: 39986741
what linux are you using?
Do you have Selinux enabled?
sestatus

Usually, you do not want to nfs share the root (/)

what error are you getting when mounting or trying to access?
0
 
LVL 86

Author Comment

by:CEHJ
ID: 39986817
I don't think so. No sestatus command available to root, though there are seemingly 'remnants' e.g.

/lib/libselinux.so.1

what error are you getting when mounting or trying to access?

goose@vaio:/tmp$ sudo ll h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz
ls: cannot access h/bk/goose/clients/johnson/me/thinkstn-sysinfo.txt.gz: Permission denied

Open in new window

0
 
LVL 86

Author Comment

by:CEHJ
ID: 39987001
I' m wondering if it might be because the principal (not root) user has got a sshfs mount at the same time (PKI only). Going to test that
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 0 total points
ID: 39987031
Brainstorm i'm afraid. I didn't even have it mounted via nfs at all - only sshfs! That's why root (no PKI) couldn't access anything
0
 
LVL 86

Author Closing Comment

by:CEHJ
ID: 39997146
Thanks for the help
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question