I made some shares with NFS. This is the /etc/exports file (I know no_root_squash is dangerous, but it is only temporary, for testing):

    /srv/nfs4 10.3.0.0/24(ro,no_subtree_check,fsid=0,sec=krb5p:sys) 192.168.0.0/24(ro,no_subtree_check,fsid=0,sec=krb5p:sys)
    /srv/nfs4/kernels 10.3.0.0/24(rw,no_subtree_check,async,no_root_squash,nohide,sec=krb5p:sys) 192.168.0.0/24(rw,no_subtree_check,async,no_root_squash,nohide,sec=krb5p:sys)

If I mount the dir with the sys option, everything works: POSIX ACLs are respected, and if I create a file as root, it reports the permissions as root (this is what I want).

    mount -vvv -o sec=sys myserver:/kernels /mnt/
    mount.nfs: timeout set for Tue Dec 28 07:18:41 2021
    mount.nfs: trying text-based options 'sec=sys,proto=tcp,retrans=2,retry=1,acl,ac,rsize=32768,wsize=32768,bsize=32768,port=2049,vers=4,addr=10.3.0.1,clientaddr=10.3.0.1'
    cd /mnt
    mkdir 44944
    root@server:/mnt$ ls -lhd *
    drwxr-xr-x 2 nobody nogroup 4,0K 28 dic 06.52 33/
    drwxr-xr-x 2 root   root    4,0K 28 dic 07.10 449/
    drwxr-xr-x 2 nobody nogroup 4,0K 28 dic 07.17 4494/
    drwxr-xr-x 2 root   root    4,0K 28 dic 07.18 44944/

The problem is that if I mount the dir with sec=krb5p, it forces the mount as nobody:nogroup (sic!). I have tried giving the dir 777 permissions, then entering as a kerberized user (I did kinit first) and creating a dir; it reports the permissions as nobody:nogroup.

    mount -vvv -o sec=krb5p myserver:/kernels /mnt/
    mount.nfs: timeout set for Tue Dec 28 07:21:45 2021
    mount.nfs: trying text-based options 'sec=krb5p,proto=tcp,retrans=2,retry=1,acl,ac,rsize=32768,wsize=32768,bsize=32768,port=2049,vers=4,addr=10.3.0.1,clientaddr=10.3.0.1'
    mkdir 449444
    root@myserver:/mnt$ ls -lhd *
    drwxr-xr-x 2 nobody nogroup 4,0K 28 dic 06.52 33/
    drwxr-xr-x 2 root   root    4,0K 28 dic 07.10 449/
    drwxr-xr-x 2 nobody nogroup 4,0K 28 dic 07.17 4494/
    drwxr-xr-x 2 root   root    4,0K 28 dic 07.18 44944/
    drwxr-xr-x 2 nobody nogroup 4,0K 28 dic 07.21 449444/

As you can see, the dir is created as nobody nogroup (using chmod 777; otherwise it correctly gives permission denied).

What do I have to check? The server and client are both Debian 11.
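An added example, not part of the original question or answer: a small audit of the /etc/exports shown above. Because `sec=krb5p:sys` lists `sys`, any client in the two subnets can mount with `sec=sys` (as the first mount above does), so Kerberos is not enforced and `no_root_squash` is reachable without a ticket. The function names `parse_exports` and `audit` are hypothetical, and quoted paths and bare clients without options are assumed absent.

```python
import re

# /etc/exports from the question, one export per line.
EXPORTS = """\
/srv/nfs4 10.3.0.0/24(ro,no_subtree_check,fsid=0,sec=krb5p:sys) 192.168.0.0/24(ro,no_subtree_check,fsid=0,sec=krb5p:sys)
/srv/nfs4/kernels 10.3.0.0/24(rw,no_subtree_check,async,no_root_squash,nohide,sec=krb5p:sys) 192.168.0.0/24(rw,no_subtree_check,async,no_root_squash,nohide,sec=krb5p:sys)
"""

# client(options) entries; bare clients without "(...)" are not handled here.
CLIENT_RE = re.compile(r"(\S+?)\(([^)]*)\)")


def parse_exports(text):
    """Yield (path, client, options) per client entry of exports(5) text."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        path, *rest = line.split(None, 1)
        for client, opts in CLIENT_RE.findall(rest[0] if rest else ""):
            options = {}
            for opt in filter(None, opts.split(",")):
                key, _, value = opt.partition("=")
                options[key] = value
            yield path, client, options


def audit(text):
    """Return sorted (path, client, finding) tuples for weak auth settings."""
    findings = []
    for path, client, opts in parse_exports(text):
        # exports(5): without a sec= option the flavor defaults to sys.
        flavors = opts.get("sec", "sys").split(":")
        sys_ok = "sys" in flavors
        if sys_ok and len(flavors) > 1:
            findings.append((path, client, "sec lists sys, Kerberos is optional"))
        elif sys_ok:
            findings.append((path, client, "sec=sys only, client-asserted uid/gid"))
        if "no_root_squash" in opts:
            how = ", reachable with sec=sys" if sys_ok else ""
            findings.append((path, client, "no_root_squash" + how))
    return sorted(findings)


if __name__ == "__main__":
    for path, client, finding in audit(EXPORTS):
        print(f"{path} {client}: {finding}")
```

Changing `sec=krb5p:sys` to `sec=krb5p` and dropping `no_root_squash` once testing is done clears every finding.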

1 Answer

Solution found. I'm on a multi-networked server, which is connected with one interface to one network and with another one to the other network. Before, I used two "different" hostnames per network (network A resolves my server as virt.domain.example and network B resolves the server as router.domain.example). I have made this change, using the same hostname (but a different domain, of course) per network, and now it works perfectly after a daemon restart.