Need help to understand NFS

[nORKy]

Hi,

I need some help to understand NFS with ZFS and permissions. On my server, I have:

# ls -la /u
total 11
drwx--x--x   3 root  wheel   3 Jul  9 16:39 .
drwxr-xr-x  20 root  wheel  25 Apr 22 15:06 ..
drwx--x--x  3 root  wheel  3 Jul  9 16:37 user1

# ls -l /u/user1
total 4
drwx-----x  5 MYWWW\user1  users  5 Jul  9 16:39 home

/u, /u/user1 and /u/user1/home are ZFS partitions. My server is a Samba4 DC too (can use nfsv4acls)

My /etc/exports:

V4: /u  -sec=krb5p -network 10.35.66.0 -mask 255.255.255.0

/u
/u/user1
/u/user1/home
/u/user1/home/www

On my client:

# mount_nfs -o nfsv4 10.35.65.1:/ /u
# ls /u
ls: /u: Permission denied

I don't understand the 'permission denied'. If I set a maproot=root, all files are set to root. (I lost the MYWWW\user1).

How can I share my directories with the same originals permissions? Thank you.

 

[Chris_H]

Greetings @nORKy, I'll take a stab at this -- but no guarantees expressed, or implied, as I have zero experience with ZFS. A couple of things come to mind; What does the server log have to say. This will give you a far better understanding of why your server rejected the mount(8).

What is in your hosts.allow(5) file? Are your clients "whitelisted"? Is RPC BIND enabled/allowed for them? What about the port NFS is running? While I'm not using krb4, or samba; my exports(5) looks like:

/	-alldirs -maproot=root ip.add.re.ss

NOTE: The -alldirs

Best wishes.

--chris

 

[nORKy]

this ma This is my new configuration:

V4: /u  -sec=sys -network 10.35.66.0 -mask 255.255.255.0
/u -alldirs -maproot=root  10.35.66.31
/u/user1 -maproot=root 10.35.66.31

But my client fails:

# mount -t nfs -o nfsv4 10.35.66.1:/ /u
# ls /u
# ls -la /u
total 0
# tail -n2 -f /var/log/messages
Jul 23 09:31:53 pluto kernel: nfsv4 client/server protocol prob err=10020
Jul 23 09:31:56 pluto last message repeated 5 times
Jul 23 09:34:19 pluto last message repeated 4 times

 

[Chris_H]

Greetings,

I'm not sure, but I'm not confident it's safe (or possible) to mount external mount points to root (/). If I were more intimately familiar with the NFS4 code, I could probably definitively extrapolate the error by error number (10020).

May I suggest you try a different mount point other than root, say /mnt? Also. It's redundant to define -alldirs:

/u -alldirs -maproot=root  10.35.66.31

and then define:

/u/user1 -maproot=root 10.35.66.31

As /u/users is a SUBdirectory of /u

So unless you later decide to make changes to your mounting / permission scheme, it's enough to define:

/u -alldirs -maproot=root  10.35.66.31

HTH

--chris

 

[nORKy]

Now it 's OK. I put the "V4:" line at the end of exports. Now, I have a UID problem, but I think it's a Samba idmap problem.

 

[junovitch@]

NFSv4 is kind of strange with mounts. Your V4 statements sets what everything else sees as the root. This should work.

V4: / -sec=sys -network 10.100.0.0 -mask 255.255.0.0
/usr/ports -maproot=root -network 10.100.0.0 -mask 255.255.0.0

This should also work and do the exact same thing. Both should share /usr/ports. I haven't tested it as written below but when I initially tried NFSv4 I came across this behavior. I can't find my notes from the time on the exact way I had it setup before I went with what is above.

V4: /usr -sec=sys -network 10.100.0.0 -mask 255.255.0.0
/ports -maproot=root -network 10.100.0.0 -mask 255.255.0.0

 

[nORKy]

You're right. I don't understand what I did.