5

I have two servers, client and server in fairly obvious roles: server hosts the NFS share and client has it mounted. There is a shared group among several users on client called shared which also exists on server. My permissions on server for the share look like this:

user@server $ ls -al /export/share/ drwxrwsr-x+ 3 shared shared 4096 Apr 19 01:25 . drwxr-xr-x 3 root root 4096 Apr 12 20:10 ..

The goal is pretty clearly displayed, I'd like all members of the shared group to be able to create, write, and delete files in this directory. On client, a ls -la of the mounted directory leads the same results.

The NFS exports file on server looks like this:

/export/share 10.0.0.0/24(rw,nohide,insecure,no_subtree_check,async)

The mount on client in /etc/fstab looks like this:

10.0.0.1:/export/share /mnt/share nfs _netdev,noatime,intr,auto 0 0

The output of mount from client:

10.0.0.1:/export/share on /mnt/streams type nfs (rw,noatime,intr,vers=4,addr=10.0.0.1,clientaddr=10.0.0.2)

However, I still can't seem to be able to create files in that directory using a user in the group.

For instance, a user jack:

user@server $ id jack uid=1001(jack) gid=1001(jack) groups=1001(jack),1010(shared)

If I try touching a file in the mounted folder on client, permission is denied:

user@client $ sudo -u jack touch /mnt/share/a touch: cannot touch `/mnt/share/a': Permission denied

Why isn't this working as expected? Shouldn't I be able to create files and folders as jack in this folder since he's a member of the shared group?

Improve this question
4
  • Just a guess but it might have something to do with "other" having read-only permissions and that the user on client is probably using the nobody user account. I would give the writable bit to world, touch a new file, and see who ends up owning that file. Commented Apr 19, 2013 at 15:29
  • Make sure the NFS is exported RW, also check the group id on the nfs server and client to make sure shared is the same gid Commented Apr 19, 2013 at 15:36
  • Can you provide the output from the command mount? Also can root on the client create a file on the mount? Commented Apr 19, 2013 at 16:55
  • I've provided the output in the answer and it seems that even root can't create a file there. Commented Apr 19, 2013 at 19:41

2 Answers 2

Reset to default
3

How are you disseminating the user/group info that's contained in /etc/passwd and /etc/group? You typically need to use NIS, LDAP, or rsync the /etc/passwd /etc/group files to all the machines that are automounting these mounts. Otherwise the clients know nothing of the permissions on the filesystem.

You might want to peruse the NIS Howto.

Improve this answer
3
  • User jake doesn't exist on server but he does on client. Could that be the problem? The group exists with the same id on both client and server. Commented Apr 19, 2013 at 21:14
  • Yes that's the problem, the userid's need to match on the client and the filesystem being exported from the server. It doesn't key off of the name it's the userid's in the /etc/passwd file that are key. These are what's written to the disk. Commented Apr 19, 2013 at 21:16
  • Ultimate solution: You basically need a perfect copy of the users, groups, and their relationships (which users belong to which groups) on server. Commented Apr 19, 2013 at 21:57
1

NFS works with "groupid" and "userid", the actual numbers not the names. Make sure that groups and users have the same id on both server and client. Check /etc/passwd and /etc/group on both server and client. An ideal setup is to have all users and groups shared over NIS or LDAP server.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.