Re: permission denied when writing to mounted directory exported by NFS server
On Fri, Feb 10, 2023 at 09:10:55AM +0100, carsten.re...@t-online.de wrote:

> On Fri, Feb 10, 2023 at 12:58:21PM +0530, Sandeep Gupta wrote:
> > On test setup I got this fixed. I will try to see if it works on actual
> > system.
> >
> > I made following changes:
> > - modified /etc/exports entry
> > `
> > /nfs/testdir -alldirs -maproot=root:wheel -network=192.168.0
> > -mask=255.255.255.0
>
> This sounds like the typical "fix your access rights" problem
>
> > `
> > The not-working version used "-maproot=root".
> >
>
> probably your "not-working" user wasn't root ? but is a member of the group
> wheel ?

I asked that already. As NFS in general seems to work (at least for r/o
access), this is almost 100% a permission issue. But others went off to
chase geese.

So again, run in the dir:

ls -ld
id

And show the output.

-Otto

>
> > - started nfsd from command line
> > `
> > doas /sbin/nfsd -tun 4
> > `
> > For some reason starting using rcctl fails as can be seen below:
> > ```
> > You have new mail.
> > openbsd$ doas rcctl start portmap mountd nfsd
> > nfsd(failed)
>
> nfsd(failed) is bad ...
>
> > openbsd$ doas /sbin/nfsd -tun 4
> > openbsd$ ps aux | grep nfsd
> > root 21178 0.0 0.1 480 1132 ?? S 12:51PM 0:00.01 nfsd:
> > master
> > root 95864 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> > server
> > root 29237 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> > server
> > root 37092 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> > server
> > root 40371 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> > server
> > adming 20594 0.0 0.1 524 1264 00 S+p 12:51PM 0:00.02 grep nfsd
> > ```
> >
> > For debugs, here is output of rpcinfo:
> > [adming@cluster-node2]~% rpcinfo -p 192.168.0.122
> >    program vers proto   port  service
> >     100000    2   tcp    111  portmapper
> >     100000    2   udp    111  portmapper
> >     100005    1   udp    859  mountd
> >     100005    3   udp    859  mountd
> >     100005    1   tcp    806  mountd
> >     100005    3   tcp    806  mountd
> >     100003    2   udp   2049  nfs
> >     100003    3   udp   2049  nfs
> >     100003    2   tcp   2049  nfs
> >     100003    3   tcp   2049  nfs
> >
> > Since, on both client and server, the root is writing -- the uid and gid is
> > 0.
>
> Never do this ... I don't remember exactly, but NFS might not like it ...
>
> Never play with root
>
> >
> > On Fri, Feb 10, 2023 at 5:13 AM wrote:
> >
> > > On Thu, Feb 09, 2023 at 08:40:50AM +0100, Daniele B. wrote:
> > > > Unfortunately - personal experience - NFS is not the best offering from
> > > > OpenBSD: it is enough cumbersome to setup and easy to lose grip:
> > > > something unsafe to keep me away from it.
> > > >
> > >
> > > What exactly do you mean ?
> > >
> > > rcctl enable portmap mountd nfsd
> > >
> > > what is so cumbersome with that ?
> > >
> > > What can we do better ?
> > >
> > > > However, for your testing purposes, I can suggest you there is a
> > > > specific tool to test, server and client status. looking to the man
> > > > I guess it should be nfsstat pointed to one or the other host same time.
> > > > Probably some other people could be more detailed.
> > > >
> > > > -- Daniele Bonini
> > > >
> > > > Feb 8, 2023 17:00:09 Sandeep Gupta :
> > > >
> > > > > Looking at the docs I am not able
> > > > > to find any other config options for access control on the client side.
> > > > > There is nothing in the logs on the server side as well. Any pointers
> > > > > to debug/fix would be of great help.
> > > > >
> > >
Re: permission denied when writing to mounted directory exported by NFS server
On Fri, Feb 10, 2023 at 12:58:21PM +0530, Sandeep Gupta wrote:
> On test setup I got this fixed. I will try to see if it works on actual
> system.
>
> I made following changes:
> - modified /etc/exports entry
> `
> /nfs/testdir -alldirs -maproot=root:wheel -network=192.168.0
> -mask=255.255.255.0

This sounds like the typical "fix your access rights" problem

> `
> The not-working version used "-maproot=root".
>

probably your "not-working" user wasn't root ? but is a member of the group
wheel ?

> - started nfsd from command line
> `
> doas /sbin/nfsd -tun 4
> `
> For some reason starting using rcctl fails as can be seen below:
> ```
> You have new mail.
> openbsd$ doas rcctl start portmap mountd nfsd
> nfsd(failed)

nfsd(failed) is bad ...

> openbsd$ doas /sbin/nfsd -tun 4
> openbsd$ ps aux | grep nfsd
> root 21178 0.0 0.1 480 1132 ?? S 12:51PM 0:00.01 nfsd:
> master
> root 95864 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> server
> root 29237 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> server
> root 37092 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> server
> root 40371 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd:
> server
> adming 20594 0.0 0.1 524 1264 00 S+p 12:51PM 0:00.02 grep nfsd
> ```
>
> For debugs, here is output of rpcinfo:
> [adming@cluster-node2]~% rpcinfo -p 192.168.0.122
>    program vers proto   port  service
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100005    1   udp    859  mountd
>     100005    3   udp    859  mountd
>     100005    1   tcp    806  mountd
>     100005    3   tcp    806  mountd
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>
> Since, on both client and server, the root is writing -- the uid and gid is
> 0.

Never do this ... I don't remember exactly, but NFS might not like it ...

Never play with root

>
> On Fri, Feb 10, 2023 at 5:13 AM wrote:
>
> > On Thu, Feb 09, 2023 at 08:40:50AM +0100, Daniele B. wrote:
> > > Unfortunately - personal experience - NFS is not the best offering from
> > > OpenBSD: it is enough cumbersome to setup and easy to lose grip:
> > > something unsafe to keep me away from it.
> > >
> >
> > What exactly do you mean ?
> >
> > rcctl enable portmap mountd nfsd
> >
> > what is so cumbersome with that ?
> >
> > What can we do better ?
> >
> > > However, for your testing purposes, I can suggest you there is a
> > > specific tool to test, server and client status. looking to the man
> > > I guess it should be nfsstat pointed to one or the other host same time.
> > > Probably some other people could be more detailed.
> > >
> > > -- Daniele Bonini
> > >
> > > Feb 8, 2023 17:00:09 Sandeep Gupta :
> > >
> > > > Looking at the docs I am not able
> > > > to find any other config options for access control on the client side.
> > > > There is nothing in the logs on the server side as well. Any pointers
> > > > to debug/fix would be of great help.
> > > >
> >
Re: permission denied when writing to mounted directory exported by NFS server
On test setup I got this fixed. I will try to see if it works on actual
system.

I made following changes:
- modified /etc/exports entry
`
/nfs/testdir -alldirs -maproot=root:wheel -network=192.168.0 -mask=255.255.255.0
`
The not-working version used "-maproot=root".

- started nfsd from command line
`
doas /sbin/nfsd -tun 4
`
For some reason starting using rcctl fails as can be seen below:
```
You have new mail.
openbsd$ doas rcctl start portmap mountd nfsd
nfsd(failed)
openbsd$ doas /sbin/nfsd -tun 4
openbsd$ ps aux | grep nfsd
root 21178 0.0 0.1 480 1132 ?? S 12:51PM 0:00.01 nfsd: master
root 95864 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd: server
root 29237 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd: server
root 37092 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd: server
root 40371 0.0 0.0 176 520 ?? S 12:51PM 0:00.00 nfsd: server
adming 20594 0.0 0.1 524 1264 00 S+p 12:51PM 0:00.02 grep nfsd
```

For debugs, here is output of rpcinfo:
[adming@cluster-node2]~% rpcinfo -p 192.168.0.122
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    859  mountd
    100005    3   udp    859  mountd
    100005    1   tcp    806  mountd
    100005    3   tcp    806  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs

Since, on both client and server, the root is writing -- the uid and gid is
0.

On Fri, Feb 10, 2023 at 5:13 AM wrote:

> On Thu, Feb 09, 2023 at 08:40:50AM +0100, Daniele B. wrote:
> > Unfortunately - personal experience - NFS is not the best offering from
> > OpenBSD: it is enough cumbersome to setup and easy to lose grip:
> > something unsafe to keep me away from it.
> >
>
> What exactly do you mean ?
>
> rcctl enable portmap mountd nfsd
>
> what is so cumbersome with that ?
>
> What can we do better ?
>
> > However, for your testing purposes, I can suggest you there is a
> > specific tool to test, server and client status. looking to the man
> > I guess it should be nfsstat pointed to one or the other host same time.
> > Probably some other people could be more detailed.
> >
> > -- Daniele Bonini
> >
> > Feb 8, 2023 17:00:09 Sandeep Gupta :
> >
> > > Looking at the docs I am not able
> > > to find any other config options for access control on the client side.
> > > There is nothing in the logs on the server side as well. Any pointers
> > > to debug/fix would be of great help.
> > >
>
Re: permission denied when writing to mounted directory exported by NFS server
On Thu, Feb 09, 2023 at 08:40:50AM +0100, Daniele B. wrote:
> Unfortunately - personal experience - NFS is not the best offering from
> OpenBSD: it is enough cumbersome to setup and easy to lose grip:
> something unsafe to keep me away from it.
>

What exactly do you mean ?

rcctl enable portmap mountd nfsd

what is so cumbersome with that ?

What can we do better ?

> However, for your testing purposes, I can suggest you there is a specific
> tool to test, server and client status. looking to the man I guess it
> should be nfsstat pointed to one or the other host same time.
> Probably some other people could be more detailed.
>
> -- Daniele Bonini
>
> Feb 8, 2023 17:00:09 Sandeep Gupta :
>
> > Looking at the docs I am not able
> > to find any other config options for access control on the client side.
> > There is nothing in the logs on the server side as well. Any pointers to
> > debug/fix would be of great help.
>
Re: permission denied when writing to mounted directory exported by NFS server
On Thu, Feb 09, 2023 at 08:40:50AM +0100, Daniele B. wrote:
> Unfortunately - personal experience - NFS is not the best offering from
> OpenBSD: it is enough cumbersome to setup and easy to lose grip:
> something unsafe to keep me away from it.
>

What is cumbersome ?

$ rcctl enable portmap mountd nfsd

Create a directory
Create a /etc/exports

rcctl start portmap mountd nfsd

Here we go ...

What can we do better ?

> However, for your testing purposes, I can suggest you there is a specific
> tool to test, server and client status. looking to the man I guess it
> should be nfsstat pointed to one or the other host same time.
> Probably some other people could be more detailed.
>
> -- Daniele Bonini
>
> Feb 8, 2023 17:00:09 Sandeep Gupta :
>
> > Looking at the docs I am not able
> > to find any other config options for access control on the client side.
> > There is nothing in the logs on the server side as well. Any pointers to
> > debug/fix would be of great help.
>
Re: permission denied when writing to mounted directory exported by NFS server
On Wed, Feb 08, 2023 at 09:27:34PM +0530, Sandeep Gupta wrote:
> I have a default installation of openbsd, with portmap, mountd, nfsd
> services started via rcctl. I have following entry in /etc/exports
>
> /nfs/testdir -alldirs -maproot=root -network=192.168.0 -mask=255.255.255.0
>
> I am able to mount the exported share on client (centos) as follows:
>
> sudo mount -t nfs -o rw,noauto -v 192.168.0.122:/nfs/testdir mntpt3
>
> From the client, I can read the contents. But writing inside the mounted
> directory yields permission denied error. Looking at the docs I am not able
> to find any other config options for access control on the client side.
> There is nothing in the logs on the server side as well. Any pointers to
> debug/fix would be of great help.

Can you check the uid and gid of the user on the client and the server ?
The user needs to have the same uid on both systems as NFS works with the
numerical IDs (uid/gid.)

This won't work:

Server:

bambi$ doas useradd -m -u 1 -g 1 test
bambi$ doas mkdir /exports/test3
bambi$ doas chown test:test /exports/test3

Client:

creith@molloy:~$ sudo useradd -m -u 10001 -g 10001 test
creith@molloy:~$ sudo su - test
test@molloy:~$ touch /mnt/test3/hallo
touch: '/mnt/test3/hallo' kann nicht berührt werden: Keine Berechtigung

Sorry for the German, it means: Permission denied.

:wq
Carsten
Re: permission denied when writing to mounted directory exported by NFS server
On Thu, Feb 09, 2023 at 11:41:12AM +0530, Sandeep Gupta wrote:
> Following up on this. I looked into the /var/log/messages/ and
> /var/log/daemon. Both are quiet after starting the portmap, mountd, and
> nfsd services.
>
> Here is verbose output from the client side when mounting the share:
> ```
> [adming@cluster-node2]~% sudo mount -t nfs -o rw,noauto -v
> 192.168.0.122:/nfs/testdir
> /home/adming/mntpt2
> mount.nfs: timeout set for Thu Feb 9 11:34:52 2023
>
> mount.nfs: trying text-based options
> 'vers=4.2,addr=192.168.0.122,clientaddr=192.168.0.187'
> mount.nfs: mount(2): Protocol not supported
> mount.nfs: trying text-based options
> 'vers=4,minorversion=1,addr=192.168.0.122,clientaddr=192.168.0.187'
> mount.nfs: mount(2): Protocol not supported
> mount.nfs: trying text-based options
> 'vers=4,addr=192.168.0.122,clientaddr=192.168.0.187'
> mount.nfs: mount(2): Protocol not supported
> Created symlink
> /run/systemd/system/remote-fs.target.wants/rpc-statd.service →
> /usr/lib/systemd/system/rpc-statd.service.
> mount.nfs: trying text-based options 'addr=192.168.0.122'
> mount.nfs: prog 100003, trying vers=3, prot=6
> mount.nfs: trying 192.168.0.122 prog 100003 vers 3 prot TCP port 2049
> mount.nfs: prog 100005, trying vers=3, prot=17
> mount.nfs: trying 192.168.0.122 prog 100005 vers 3 prot UDP port 724
> [adming@cluster-node2]~% cd mntpt2
> [adming@cluster-node2]~/mntpt2% ls
> alfpha testfile
> [adming@cluster-node2]~/mntpt2% touch y
> touch: cannot touch 'y': Permission denied
> ```
>
> Am out of ideas as what to test/debug.
>

can you try the following command on the client ?

rpcinfo -p

The output should look something like this:

   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    702  mountd
    100005    3   udp    702  mountd
    100005    1   tcp   1017  mountd
    100005    3   tcp   1017  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs

:wq
Carsten
Re: permission denied when writing to mounted directory exported by NFS server
On Thu, Feb 09, 2023 at 11:41:55AM +0530, Sandeep Gupta wrote:
> Not a problem. I am glad that you looked into it.
>
> On Thu, Feb 9, 2023 at 7:48 AM wrote:
>
> > sorry, for having you replied directly. I set up this system today, I
> > still have some twerks.
>

Can you check the uid and gid of the user on the client and the server ?
The uid and/or gid must be the same on both systems as NFS works with the
numerical IDs (uid/gid.)

This won't work:

Server:

bambi$ doas useradd -m -u 1 -g 1 test
bambi$ doas mkdir /exports/test3
bambi$ doas chown test:test /exports/test3

Client:

creith@molloy:~$ sudo useradd -m -u 10001 -g 10001 test
creith@molloy:~$ sudo su - test
test@molloy:~$ touch /mnt/test3/hallo
touch: '/mnt/test3/hallo' kann nicht berührt werden: Keine Berechtigung

Sorry for the German, it means: Permission denied.

:wq
Carsten
Re: permission denied when writing to mounted directory exported by NFS server
On Thu, Feb 09, 2023 at 11:41:12AM +0530, Sandeep Gupta wrote:
> Following up on this. I looked into the /var/log/messages/ and
> /var/log/daemon. Both are quiet after starting the portmap, mountd, and
> nfsd services.
>
> Here is verbose output from the client side when mounting the share:
> ```
> [adming@cluster-node2]~% sudo mount -t nfs -o rw,noauto -v
> 192.168.0.122:/nfs/testdir
> /home/adming/mntpt2
> mount.nfs: timeout set for Thu Feb 9 11:34:52 2023
>
> mount.nfs: trying text-based options
> 'vers=4.2,addr=192.168.0.122,clientaddr=192.168.0.187'
> mount.nfs: mount(2): Protocol not supported
> mount.nfs: trying text-based options
> 'vers=4,minorversion=1,addr=192.168.0.122,clientaddr=192.168.0.187'
> mount.nfs: mount(2): Protocol not supported
> mount.nfs: trying text-based options
> 'vers=4,addr=192.168.0.122,clientaddr=192.168.0.187'
> mount.nfs: mount(2): Protocol not supported
> Created symlink
> /run/systemd/system/remote-fs.target.wants/rpc-statd.service →
> /usr/lib/systemd/system/rpc-statd.service.
> mount.nfs: trying text-based options 'addr=192.168.0.122'
> mount.nfs: prog 100003, trying vers=3, prot=6
> mount.nfs: trying 192.168.0.122 prog 100003 vers 3 prot TCP port 2049
> mount.nfs: prog 100005, trying vers=3, prot=17
> mount.nfs: trying 192.168.0.122 prog 100005 vers 3 prot UDP port 724
> [adming@cluster-node2]~% cd mntpt2
> [adming@cluster-node2]~/mntpt2% ls
> alfpha testfile
> [adming@cluster-node2]~/mntpt2% touch y
> touch: cannot touch 'y': Permission denied
> ```
>
> Am out of ideas as what to test/debug.

run the commands

$ ls -ld
$ id

to see what the permissions are on the dir and what user you are running as.

-Otto

>
> On Wed, Feb 8, 2023 at 9:27 PM Sandeep Gupta wrote:
>
> > I have a default installation of openbsd, with portmap, mountd, nfsd
> > services started via rcctl. I have following entry in /etc/exports
> >
> > /nfs/testdir -alldirs -maproot=root -network=192.168.0 -mask=255.255.255.0
> >
> > I am able to mount the exported share on client (centos) as follows:
> >
> > sudo mount -t nfs -o rw,noauto -v 192.168.0.122:/nfs/testdir mntpt3
> >
> > From the client, I can read the contents. But writing inside the mounted
> > directory yields permission denied error. Looking at the docs I am not able
> > to find any other config options for access control on the client side.
> > There is nothing in the logs on the server side as well. Any pointers to
> > debug/fix would be of great help.
> >
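The numeric-ID point made in this thread and the `ls -ld` / `id` check requested above can be combined into one comparison; the following is an added example, not code from any poster or from OpenBSD. Function names are hypothetical, the sample lines are constructed (owner 1:1 as in the thread's useradd/chown, directory mode assumed), only classic owner/group/other bits are modelled, and the -2:-2 credential for unmapped root is taken as an assumption from exports(5).

```python
"""Added example: the numeric-ID check behind an NFS 'Permission denied'."""

# Assumed exports(5) default: root without -maproot/-mapall becomes -2:-2.
NOBODY = (-2, frozenset({-2}))


def parse_ls_ldn(line):
    """Parse one line of `ls -ldn DIR` (server side) -> (mode, uid, gid)."""
    fields = line.split()
    return fields[0], int(fields[2]), int(fields[3])


def parse_id(line):
    """Parse `id` output (client side) -> (uid, set of numeric gids)."""
    def num(item):  # "10001(test)" -> 10001
        return int(item.split("(", 1)[0])

    kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    gids = {num(kv["gid"])}
    gids.update(num(g) for g in kv.get("groups", "").split(",") if g)
    return num(kv["uid"]), gids


def server_credential(uid, gids, maproot=None):
    """Only numbers cross the wire, never names. uid 0 is replaced by the
    -maproot credential (NOBODY when the export line has none)."""
    if uid == 0:
        return maproot if maproot is not None else NOBODY
    return uid, frozenset(gids)


def can_create(ls_line, id_line, maproot=None):
    """True if the client user may create a file in the exported directory."""
    mode, d_uid, d_gid = parse_ls_ldn(ls_line)
    uid, gids = server_credential(*parse_id(id_line), maproot=maproot)
    if uid == 0:
        return True  # mapped to server root: mode bits do not restrict it
    if uid == d_uid:
        bits = mode[1:4]      # owner class
    elif d_gid in gids:
        bits = mode[4:7]      # group class
    else:
        bits = mode[7:10]     # other class
    # Creating an entry needs both write and search permission on the dir.
    return bits[1] == "w" and bits[2] in "xst"


# Constructed sample data (not output captured from the thread).
SERVER_DIR = "drwxr-xr-x  2 1  1  512 Feb  9 12:00 /exports/test3"
CLIENT_TEST = "uid=10001(test) gid=10001(test) groups=10001(test)"
SAME_IDS = "uid=1(test) gid=1(test) groups=1(test)"
CLIENT_ROOT = "uid=0(root) gid=0(root) groups=0(root)"

if __name__ == "__main__":
    print("name matches, uid differs:", can_create(SERVER_DIR, CLIENT_TEST))
    print("uid matches              :", can_create(SERVER_DIR, SAME_IDS))
    print("root, no -maproot        :", can_create(SERVER_DIR, CLIENT_ROOT))
    print("root, mapped to 0:0      :",
          can_create(SERVER_DIR, CLIENT_ROOT, maproot=(0, frozenset({0}))))
```

Feed it the real `ls -ldn` line from the server and the `id` line from the client to see which permission class the request falls into.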
Re: permission denied when writing to mounted directory exported by NFS server
Following up on this. I looked into the /var/log/messages/ and
/var/log/daemon. Both are quiet after starting the portmap, mountd, and
nfsd services.

Here is verbose output from the client side when mounting the share:
```
[adming@cluster-node2]~% sudo mount -t nfs -o rw,noauto -v 192.168.0.122:/nfs/testdir /home/adming/mntpt2
mount.nfs: timeout set for Thu Feb 9 11:34:52 2023

mount.nfs: trying text-based options 'vers=4.2,addr=192.168.0.122,clientaddr=192.168.0.187'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.0.122,clientaddr=192.168.0.187'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4,addr=192.168.0.122,clientaddr=192.168.0.187'
mount.nfs: mount(2): Protocol not supported
Created symlink /run/systemd/system/remote-fs.target.wants/rpc-statd.service → /usr/lib/systemd/system/rpc-statd.service.
mount.nfs: trying text-based options 'addr=192.168.0.122'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.0.122 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.0.122 prog 100005 vers 3 prot UDP port 724
[adming@cluster-node2]~% cd mntpt2
[adming@cluster-node2]~/mntpt2% ls
alfpha testfile
[adming@cluster-node2]~/mntpt2% touch y
touch: cannot touch 'y': Permission denied
```

Am out of ideas as what to test/debug.

On Wed, Feb 8, 2023 at 9:27 PM Sandeep Gupta wrote:

> I have a default installation of openbsd, with portmap, mountd, nfsd
> services started via rcctl. I have following entry in /etc/exports
>
> /nfs/testdir -alldirs -maproot=root -network=192.168.0 -mask=255.255.255.0
>
> I am able to mount the exported share on client (centos) as follows:
>
> sudo mount -t nfs -o rw,noauto -v 192.168.0.122:/nfs/testdir mntpt3
>
> From the client, I can read the contents. But writing inside the mounted
> directory yields permission denied error. Looking at the docs I am not able
> to find any other config options for access control on the client side.
> There is nothing in the logs on the server side as well. Any pointers to
> debug/fix would be of great help.
>
Re: permission denied when writing to mounted directory exported by NFS server
On Wed, Feb 08, 2023 at 10:30:17PM +0100, cre...@macbeth.creith.de wrote:
> On Wed, Feb 08, 2023 at 09:27:34PM +0530, Sandeep Gupta wrote:
> > I have a default installation of openbsd, with portmap, mountd, nfsd
> > services started via rcctl. I have following entry in /etc/exports
> >
> > /nfs/testdir -alldirs -maproot=root -network=192.168.0 -mask=255.255.255.0
> >
> > I am able to mount the exported share on client (centos) as follows:
> >
> > sudo mount -t nfs -o rw,noauto -v 192.168.0.122:/nfs/testdir mntpt3
> >
> > From the client, I can read the contents. But writing inside the mounted
> > directory yields permission denied error. Looking at the docs I am not able
> > to find any other config options for access control on the client side.
> > There is nothing in the logs on the server side as well. Any pointers to
> > debug/fix would be of great help.
>

Is /var/log/daemon happy, when you start the mountd ?