NFS root omly access -

classic Classic list List threaded Threaded
31 messages Options
12
Reply | Threaded
Open this post in threaded view
|

NFS root omly access -

Bob Goodwin-Fastmail
My NFS server works fine but not as a user other than root and I have
not been able to change that. I suspect this is not an uncommon problem
and hope that someone can tell me how to fix it?

--
Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root omly access -

Cameron Simpson-2
On 09Dec2019 18:05, Bob Goodwin <[hidden email]> wrote:
>My NFS server works fine but not as a user other than root and I have
>not been able to change that. I suspect this is not an uncommon problem
>and hope that someone can tell me how to fix it?

Are you saying that on a _client_ machine, users who are not root cannot
browse the mounted NFS tree?

If so, the first thing to come to mind is that traditionally, the
underlying mount directory permissions govern access to the top of the
mount.  So:

- umount the NFS share
- look at the perms on the mount point; are they root only?
- try: chmod 755 /the/mount/point
- remount the NFS share and retest

Cheers,
Cameron Simpson <[hidden email]>
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root omly access -

Ed Greshko
On 2019-12-10 07:21, Cameron Simpson wrote:

> On 09Dec2019 18:05, Bob Goodwin <[hidden email]> wrote:
>> My NFS server works fine but not as a user other than root and I have not been able to change that. I suspect this is not an uncommon problem and hope that someone can tell me how to fix it?
>
> Are you saying that on a _client_ machine, users who are not root cannot browse the mounted NFS tree?
>
> If so, the first thing to come to mind is that traditionally, the underlying mount directory permissions govern access to the top of the mount.  So:
>
> - umount the NFS share
> - look at the perms on the mount point; are they root only?
> - try: chmod 755 /the/mount/point
> - remount the NFS share and retest
>

That isn't quite what he'd want.  Example below.  Note that this is a home system and I keep the UID and GID
of all users the same on multiple system.

Example:    (The NFS client is meimei and I start with no file system mounted)

[egreshko@meimei ~]$ whoami
egreshko

[egreshko@meimei ~]$ ls -ld /mnt
drwxr-xr-x. 3 root root 4096 Jul 25 08:35 /mnt

[egreshko@meimei ~]$ touch /mnt/x
touch: cannot touch '/mnt/x': Permission denied

[egreshko@meimei ~]$ sudo mount f31k:/home/egreshko /mnt

[egreshko@meimei ~]$ ls -ld /mnt
drwx------. 17 egreshko egreshko 4096 Dec  9 23:00 /mnt

[egreshko@meimei ~]$ touch /mnt/x
[egreshko@meimei ~]$ ls -l /mnt
total 36
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Desktop
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Documents
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Downloads
drwxrwxr-x. 2 egreshko egreshko 4096 Nov 27 08:29 flash
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Music
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Pictures
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Public
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Templates
drwxr-xr-x. 2 egreshko egreshko 4096 Nov 22 10:56 Videos
-rw-rw-r--. 1 egreshko egreshko    0 Dec 10 07:50 x

Note that the mounted file system keeps the UID/GID as defined on server.

So, one way of ensuring users can access mounted file systems as themselves is it make it such
that the UID/GID's match on the client and server and that the permissions are such that it allows
the needed access.




--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root omly access -

Cameron Simpson-2
On 10Dec2019 07:55, Ed Greshko <[hidden email]> wrote:

>On 2019-12-10 07:21, Cameron Simpson wrote:
>> On 09Dec2019 18:05, Bob Goodwin <[hidden email]> wrote:
>>> My NFS server works fine but not as a user other than root and I have not been able to change that. I suspect this is not an uncommon problem and hope that someone can tell me how to fix it?
>>
>> Are you saying that on a _client_ machine, users who are not root cannot browse the mounted NFS tree?
>>
>> If so, the first thing to come to mind is that traditionally, the underlying mount directory permissions govern access to the top of the mount.  So:
>>
>> - umount the NFS share
>> - look at the perms on the mount point; are they root only?
>> - try: chmod 755 /the/mount/point
>> - remount the NFS share and retest
>>
>
>That isn't quite what he'd want.

Do we know what Bob wants? It sounds like his clients can't access the
mounted FS even though the perms with it are likely the same.

The above procedure is to _test_ if the perms on theunderlying mount are
causing his nonroot users this trouble.

Awaiting further details from Bob, myself.

>Example below.  Note that this is a home system and I keep the UID and GID
>of all users the same on multiple system.
>
>Example:    (The NFS client is meimei and I start with no file system mounted)
>
>[egreshko@meimei ~]$ whoami
>egreshko
>
>[egreshko@meimei ~]$ ls -ld /mnt
>drwxr-xr-x. 3 root root 4096 Jul 25 08:35 /mnt
>
>[egreshko@meimei ~]$ touch /mnt/x
>touch: cannot touch '/mnt/x': Permission denied

Aye, but I have the impression that his failure happen post mount, not
before the mount.

Cheers,
Cameron Simpson <[hidden email]>
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root omly access -

Ed Greshko
On 2019-12-10 11:22, Cameron Simpson wrote:

> On 10Dec2019 07:55, Ed Greshko <[hidden email]> wrote:
>> On 2019-12-10 07:21, Cameron Simpson wrote:
>>> On 09Dec2019 18:05, Bob Goodwin <[hidden email]> wrote:
>>>> My NFS server works fine but not as a user other than root and I have not been able to change that. I suspect this is not an uncommon problem and hope that someone can tell me how to fix it?
>>>
>>> Are you saying that on a _client_ machine, users who are not root cannot browse the mounted NFS tree?
>>>
>>> If so, the first thing to come to mind is that traditionally, the underlying mount directory permissions govern access to the top of the mount.  So:
>>>
>>> - umount the NFS share
>>> - look at the perms on the mount point; are they root only?
>>> - try: chmod 755 /the/mount/point
>>> - remount the NFS share and retest
>>>
>>
>> That isn't quite what he'd want.
>
> Do we know what Bob wants? It sounds like his clients can't access the mounted FS even though the perms with it are likely the same.
>
> The above procedure is to _test_ if the perms on theunderlying mount are causing his nonroot users this trouble.

The permissions and ownership of the mount-point on the client prior to mounting are irrelevant.

This is what my example showed.  The mount point prior to mount was owned by root:root and permissions
were such that a user could not save a file.

The exported directory is owned by a user whose UID/GID are equal on both server and client.

Once the exported directory is mounted on the client, as shown, it retains the UID/GID and permissions
which have been set on the server side.  Subsequently, the user on the client can access it normally.

>
> Awaiting further details from Bob, myself.
>
>> Example below.  Note that this is a home system and I keep the UID and GID
>> of all users the same on multiple system.
>>
>> Example:    (The NFS client is meimei and I start with no file system mounted)
>>
>> [egreshko@meimei ~]$ whoami
>> egreshko
>>
>> [egreshko@meimei ~]$ ls -ld /mnt
>> drwxr-xr-x. 3 root root 4096 Jul 25 08:35 /mnt
>>
>> [egreshko@meimei ~]$ touch /mnt/x
>> touch: cannot touch '/mnt/x': Permission denied
>
> Aye, but I have the impression that his failure happen post mount, not before the mount.
>

I don't know why you cut off the rest of my post.  To do so eliminates the demonstration that
it mattered not that pre-mount the mount point didn't have write access to the user.  You will note
that the directory was "755" as your reply suggested. 

Yes, it happens "post mount".  But changing the settings of the "pre mount" mount point of the
client won't affect the outcome. 

--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root omly access -

Ed Greshko
In reply to this post by Bob Goodwin-Fastmail
On 2019-12-10 07:05, Bob Goodwin wrote:
> My NFS server works fine but not as a user other than root and I have not been able to change that. I suspect this is not an uncommon problem and hope that someone can tell me how to fix it?

Well, I suppose it would be a good idea to know a bit more about your requirements.

First, I understand that you'd like a "user" to be able to read/write to the NFS mounted directory on
a client.  And, secondly, at the moment only root has r/w ability.  Correct?

So,

1.  How many users need to have r/w access to the NFS mounted directories?
2.  If you are supporting multiple users, will they each have their own NFS directory/export?
3.  Or do you want a single NFS exported directory that all users have access?


--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Bob Goodwin-Fastmail

On 2019-12-10 03:42, Ed Greshko wrote:
> First, I understand that you'd like a "user" to be able to read/write to the NFS mounted directory on
> a client.  And, secondly, at the moment only root has r/w ability.  Correct?

.

Yes and yes.

>
> So,
>
> 1.  How many users need to have r/w access to the NFS mounted directories?

.

Just one, bobg, the others all have A[[Apple equipment which does not
have the ability to use NFS. They can only use my Samba server which I
have to maintain too. :-(

> 2.  If you are supporting multiple users, will they each have their own NFS directory/export?
.
> not applicable.

> 3.  Or do you want a single NFS exported directory that all users have access?

.

Yes, I am all the users, might address  /media/nfs  as user "rfg" perhaps.

.

Presently, I can do whatever I need to do with NFS from a terminal as
root. A few minutes ago I started Thunar file manager from the su'd root
terminal and could do whatever I tried, from /media/nfs, navigate
through the tree, read and write files, delete filesr in Libreoffice and
Notecase Pro to use the fiiles, it all works perfectly.

Repeating the same as user bobg in /media/nfs i can navigate to "nfs"
and it sees nothing beyond that.

It's early here, the sun is not up yet, I wont be able to deal with this
until later today but I wanted to respond, thank you, Bob.

-
-
Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root omly access -

Patrick O'Callaghan-2
In reply to this post by Ed Greshko
On Tue, 2019-12-10 at 16:42 +0800, Ed Greshko wrote:

> On 2019-12-10 07:05, Bob Goodwin wrote:
> > My NFS server works fine but not as a user other than root and I have not been able to change that. I suspect this is not an uncommon problem and hope that someone can tell me how to fix it?
>
> Well, I suppose it would be a good idea to know a bit more about your requirements.
>
> First, I understand that you'd like a "user" to be able to read/write to the NFS mounted directory on
> a client.  And, secondly, at the moment only root has r/w ability.  Correct?
>
> So,
>
> 1.  How many users need to have r/w access to the NFS mounted directories?
> 2.  If you are supporting multiple users, will they each have their own NFS directory/export?
> 3.  Or do you want a single NFS exported directory that all users have access?

4. Do you want the user to be able to mount the directory at will?
(this will require additional options in /etc/fstab)

poc
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Ed Greshko
In reply to this post by Bob Goodwin-Fastmail
On 2019-12-10 19:34, Bob Goodwin wrote:

>
> On 2019-12-10 03:42, Ed Greshko wrote:
>> First, I understand that you'd like a "user" to be able to read/write to the NFS mounted directory on
>> a client.  And, secondly, at the moment only root has r/w ability.  Correct?
>
> .
>
> Yes and yes.
>
>>
>> So,
>>
>> 1.  How many users need to have r/w access to the NFS mounted directories?
>
> .
>
> Just one, bobg, the others all have A[[Apple equipment which does not have the ability to use NFS. They can only use my Samba server which I have to maintain too. :-(
>
>> 2.  If you are supporting multiple users, will they each have their own NFS directory/export?
> .
>> not applicable.
>
>> 3.  Or do you want a single NFS exported directory that all users have access?
>
> .
>
> Yes, I am all the users, might address  /media/nfs  as user "rfg" perhaps.
>
> .
>
> Presently, I can do whatever I need to do with NFS from a terminal as root. A few minutes ago I started Thunar file manager from the su'd root terminal and could do whatever I tried, from /media/nfs, navigate through the tree, read and write files, delete filesr in Libreoffice and Notecase Pro to use the fiiles, it all works perfectly.
>
> Repeating the same as user bobg in /media/nfs i can navigate to "nfs" and it sees nothing beyond that.
>
> It's early here, the sun is not up yet, I wont be able to deal with this until later today but I wanted to respond, thank you, Bob.

OK....

Then, are your UID/GID the same on all systems?  Just check in your passwd file.  For example. 

[egreshko@meimei ~]$ grep maria /etc/passwd
maria:x:1030:1030:Maria Yang:/home/maria:/bin/bash

The UID of that user is 1030 and just so happens so is the GID.
And the GID is defined here

[egreshko@meimei ~]$ grep maria /etc/group
maria:x:1030:

So, assuming yours is similar, all you need do on the server is...

chown -R bobg:bobg /nfs4exports

Using maria as an example....


ORIGINALLY on the client

The file system has been mounted and shows up in df as so

[maria@frk ~]$ df | grep some
f31k:/nfs4exports/home       27663360 6973696  19261440  27% /somepoint

[maria@frk ~]$ ll -d /somepoint/
drwxr-xr-x. 2 root root 4096 Dec 10 20:24 /somepoint/

[maria@frk ~]$ touch /somepoint/x
touch: cannot touch '/somepoint/x': Permission denied

Then on the server.

root@f31k /]# chown -R maria:maria /nfs4exports/

Now, back on the client.

[maria@frk ~]$ ll -d /somepoint/
drwxr-xr-x. 2 maria maria 4096 Dec 10 20:33 /somepoint/

[maria@frk ~]$ touch /somepoint/x

[maria@frk ~]$ ls /somepoint/x
/somepoint/x


OK?


--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Bob Goodwin-Fastmail

On 2019-12-10 07:40, Ed Greshko wrote:
> OK....
> Then, are your UID/GID the same on all systems?  Just check in your passwd file.  For example.

.

Consistent but not the same:

[bobg@NFS-Server ~]$ cat /etc/group
root:x:0:

bobg:x:1000:

[root@Workstation-1 cat /etc/group

root:x:0:

bobg:x:1000:




--
Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Ed Greshko
On 2019-12-10 22:50, Bob Goodwin wrote:

>
> On 2019-12-10 07:40, Ed Greshko wrote:
>> OK....
>> Then, are your UID/GID the same on all systems?  Just check in your passwd file.  For example.
>
> .
>
> Consistent but not the same:
>
> [bobg@NFS-Server ~]$ cat /etc/group
> root:x:0:
>
> bobg:x:1000:
>
> [root@Workstation-1 cat /etc/group
>
> root:x:0:
>
> bobg:x:1000:
>
>
>
>

What do you mean?

The GID of bobg is 1000 in both cases.

How about the UID?

--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Bob Goodwin-Fastmail
.

On 2019-12-10 09:54, Ed Greshko wrote:
> The GID of bobg is 1000 in both cases.
>
> How about the UID?

.

*Dunno where to look?*

--
Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Patrick O'Callaghan-2
On Tue, 2019-12-10 at 10:08 -0500, Bob Goodwin wrote:

> .
>
> On 2019-12-10 09:54, Ed Greshko wrote:
> > The GID of bobg is 1000 in both cases.
> >
> > How about the UID?
>
> .
>
> *Dunno where to look?*

$ grep bobg /etc/passwd

poc
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Bob Goodwin-Fastmail

On 2019-12-10 11:17, Patrick O'Callaghan wrote:
>> *Dunno where to look?*
> $ grep bobg /etc/passwd
>
> poc

.

Client -

[root@Workstation-1 bobg]# grep bobg /etc/passwd
bobg:x:1000:1000:Bob Goodwin:/home/bobg:/bin/bash

[root@Workstation-1 bobg]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash

server-

[root@NFS-Server bobg]# grep bobg /etc/passwd
bobg:x:1000:1000:Bob Goodwin:/home/bobg:/bin/bash

[root@NFS-Server bobg]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin


If this is a problem, I really don't know what it should be? It appears
they are the same on the server as on the client

Confusion prevails here, that is for me ...

--
Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Ed Greshko
On 2019-12-11 03:34, Bob Goodwin wrote:

>
> On 2019-12-10 11:17, Patrick O'Callaghan wrote:
>>> *Dunno where to look?*
>> $ grep bobg /etc/passwd
>>
>> poc
>
> .
>
> Client -
>
> [root@Workstation-1 bobg]# grep bobg /etc/passwd
> bobg:x:1000:1000:Bob Goodwin:/home/bobg:/bin/bash
>
> [root@Workstation-1 bobg]# grep root /etc/passwd
> root:x:0:0:root:/root:/bin/bash
>
> server-
>
> [root@NFS-Server bobg]# grep bobg /etc/passwd
> bobg:x:1000:1000:Bob Goodwin:/home/bobg:/bin/bash
>
> [root@NFS-Server bobg]# grep root /etc/passwd
> root:x:0:0:root:/root:/bin/bash
> operator:x:11:0:operator:/root:/sbin/nologin
>
>
> If this is a problem, I really don't know what it should be? It appears they are the same on the server as on the client
>
> Confusion prevails here, that is for me ...
>

This shows that the UID for bobg (the first number in the password entry) is 1000
This shows that the GID for bobg (the second number in the password entry) is 1000

So, they are the same.  That is what is wanted.

Therefore, follow what I said earlier.

On the server.....

chown -R bobg:bobg /nfs4exports

Making ownership of the directory.



--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

George N. White III
In reply to this post by Bob Goodwin-Fastmail
On Tue, 10 Dec 2019 at 15:35, Bob Goodwin <[hidden email]> wrote:

On 2019-12-10 11:17, Patrick O'Callaghan wrote:
>> *Dunno where to look?*
> $ grep bobg /etc/passwd
>
> poc

.

Client -

[root@Workstation-1 bobg]# grep bobg /etc/passwd
bobg:x:1000:1000:Bob Goodwin:/home/bobg:/bin/bash

[root@Workstation-1 bobg]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash

server-

[root@NFS-Server bobg]# grep bobg /etc/passwd
bobg:x:1000:1000:Bob Goodwin:/home/bobg:/bin/bash

[root@NFS-Server bobg]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin


If this is a problem, I really don't know what it should be? It appears
they are the same on the server as on the client

Confusion prevails here, that is for me ...

It isn't just you, colleagues at work often struggle with NFS configuration. 

I'm impressed by the patience and dedication shown by members
of this list for your NFS problems, but I'm also concerned
that the ensuing discussion rushed to solve the original problem, but
leaves you no further ahead when a similar issue crops up in the future.  

Give a person a configuration file and their system works for a while,
but show a person where to find the documentation and they have
configurations for life.

NFS has been around since 1984 (https://en.wikipedia.org/wiki/Network_File_System)
and is widely used on BSD, MacOS, and linux systems.  There are now many
alternative file-sharing mechanisms.   For a given use case it is not always
easy to know which sharing system is most appropriate.

Some keys things to understand about NFS are:

1) the server accepts the client systems validation of user credentials, based on
the UID and GID not the username used on the client.   As a side note, the "id"
command is an easy way to get UID and GID:

Example from a debian system:
$ id seadas
uid=1001(seadas) gid=1001(seadas) groups=1001(seadas),4(adm),27(sudo)
Example from a fedora system:
$ id seadas
uid=1001(seadas) gid=1001(seadas) groups=1001(seadas),4(adm),10(wheel),11(cdrom)

2)  it is clearly important that the server connect to the intended client (rather than some random IOT device that
has been configured by a hacker to use the hostname of your client).   DNS can't be trusted, so some systems
require the client to be configured in the hosts file. 

3)  file permissions and ACL's from the server's exported filesystem are honoured by clients.   Additional
controls can be applied in the /etc/exports file.

4)  NFS relies on a multiple services.   There are corresponding tools to query the status of various services.

Many linux distros have documentation on NFS configuration.   RHEL docs are often more complete than those
for fedora, so you might find the following helpful:


If you can find time to review this while the steps you have taken are fresh in your mind, you should
find things less confusing, and have some idea of how to proceed next time you need to configure
NFS.

--
George N. White III


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Bob Goodwin-Fastmail
In reply to this post by Ed Greshko

On 2019-12-10 15:32, Ed Greshko wrote:
> Therefore, follow what I said earlier.
>
> On the server.....
>
> chown -R bobg:bobg /nfs4exports
>
> Making ownership of the directory.

.

Before

> [root@NFS-Server bobg]# ll -al /nfs4exports
> total 12
> drwxr-xr-x.  3 bobg root 4096 Dec  8 16:21 .
> dr-xr-xr-x. 20 root root 4096 Dec  9 11:01 ..
> drwxrwxr--.  5 root root 4096 Dec  9 13:47 home

[root@NFS-Server bobg]# chown -R bobg:bobg /nfs4exports

After

[root@NFS-Server bobg]# ll -al /nfs4exports
total 12
drwxr-xr-x.  3 bobg bobg 4096 Dec  8 16:21 .
dr-xr-xr-x. 20 root root 4096 Dec  9 11:01 ..
drwxrwxr--.  5 bobg bobg 4096 Dec  9 13:47 home


After system restart nfs-server and exportfs -ar at the server the
client mount is:

192.168.2.128:/nfs4exports/home on /media/nfs type nfs4
(rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.153,local_lock=none,addr=192.168.2.128)

but permission still denied of the client:

[bobg@Workstation-1 ~]$ ll -al /media/nfs/
ls: cannot access '/media/nfs/': Permission denied

Still something missing ,,,  Dunno, maybe I should reboot both computers?


--

  Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Ed Greshko
On 2019-12-11 06:49, Bob Goodwin wrote:
> [bobg@Workstation-1 ~]$ ll -al /media/nfs/
> ls: cannot access '/media/nfs/': Permission denied
>
> Still something missing ,,,  Dunno, maybe I should reboot both computers?

On Workstation-1....

What do the ls command show when run by "root"?

--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Bob Goodwin-Fastmail
In reply to this post by George N. White III

On 2019-12-10 17:20, George N. White III wrote:
> DNS can't be trusted, so some systems
> require the client to be configured in the hosts file.

.

I don't recall ever doing that in the past, could it be a requirement
now in Fedora-31? I did not make the hosts.allow file mentioned in the
instructions I used.

--
Bob Goodwin - Zuni, Virginia,
Fedora Linux-31 XFCE
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: NFS root only access -

Ed Greshko
In reply to this post by Bob Goodwin-Fastmail
On 2019-12-11 06:49, Bob Goodwin wrote:
> [bobg@Workstation-1 ~]$ ll -al /media/nfs/
> ls: cannot access '/media/nfs/': Permission denied
>
> Still something missing ,,,  Dunno, maybe I should reboot both computers?

Ooopss...

Sorry, early in my AM and my brain wasn't turned on without coffee.

You have mounted /nfs4exports/home on /media/nfs.

This is fine, and /media/nfs will have the correct permissions.  However, the permissions of the
preceding directory are important as well.  On the client, they are not inherited from the server.

So, you need to change the permissions on /media on the client.

The easiest way is to do, on the client, as root.

chown bobg:bobg /media



--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
12