Clif Smith wrote:
I'm seeing some weirdness when trying to access a non-global zone's dir via
NFS/Automount from a remote server.  If we first try as a non-superuser it
fails with Permission denied. However, if we first try as root it works and then is accessible by any user for a bit - but will eventually fail again.


[EMAIL PROTECTED] ] $ cd /net/shark/zones/zap-1/root/space/zap-1/
-bash: cd: /net/shark/zones/zap-1/root/space/zap-1/: Permission denied

Normally the zone root is only readable/executable by root. The chdir system call needs to walk the list of directories, so if it gets to the "zap-1" or "root" directory and it's mode 700 owned by root, you're presumably not going to succeed.

[EMAIL PROTECTED] ] $ sudo cd /net/shark/zones/zap-1/root/space/zap-1/

Although if you're using the default "map root to nobody" setup, this might be expected to fail as well.

Is this a bug or am I missing something?

I don't have an easy setup to test this here. But normally "snoop host shark" in another window while you try the "cd" command is a good bet to debug NFS issues, since it lets you see which part failed. For example, you may see something like the following.

Hugh.


# snoop host server
Using device /dev/bge0 (promiscuous mode)
client -> server    NFS C NULL4
server -> client RPC R (#4) XID=1173456783 Program number mismatch (low=2, high=3)

........ this says that the MacOS X Tiger server does not do NFSv4. Whick is OK in this case.
        
client -> server    PORTMAP C GETPORT prog=100003 (NFS) vers=3 proto=UDP
server -> client    PORTMAP R GETPORT port=2049
client -> server    NFS C NULL3
server -> client    NFS R NULL3
client -> server    PORTMAP C GETPORT prog=100005 (MOUNT) vers=1 proto=TCP
server -> client    PORTMAP R GETPORT port=1013
client -> server    MOUNT1 C Get export list
server -> client    MOUNT1 R Get export list 5 entries

        ...... Mostly portmap junk.

client -> server    PORTMAP C GETPORT prog=100005 (MOUNT) vers=3 proto=UDP
server -> client    PORTMAP R GETPORT port=989
client -> server    MOUNT3 C Null
server -> client    MOUNT3 R Null
client -> server    MOUNT3 C Mount /
server -> client    MOUNT3 R Mount OK FH=8884 Auth=unix

        ...... This is one of the key replies.  Since this said
        ...... "Mount OK" it means the NFS mount worked.  If you see
        ...... "Mount permission denied" it's a common sign of
        ...... missing/broken export lists.
        
client -> server    PORTMAP C GETPORT prog=100003 (NFS) vers=3 proto=TCP
server -> client    PORTMAP R GETPORT port=2049

client -> server    NFS C LOOKUP3 FH=8884 Users
server -> client    NFS R LOOKUP3 OK FH=A2ED
client -> server    NFS C LOOKUP3 FH=A2ED hugh
server -> client    NFS R LOOKUP3 OK FH=B35C

...... Each stage here shows one stage of the path lookup. If one of these fails, you know where to look.
        
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to