[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

NFSv4 without Kerberos and permissions



I recently set up an NFS v4 server on debian stretch. If I use a debian client to mount the share, everything works fine. However, if I use a CentOS or a Ubuntu client, the permissions don't work.

I have synchronized the group ids manually, and that's the only permissions I'm interested in.

I have a directory structure like this:

/export
/export/ssl
/export/ssl/wildcard

/export/ssl/wildcard is chmod 2750 with root:ssl-cert as its owner.
root user is uid 0, ssl-cert is gid 555.

My exports file looks like this:

/export 10.77.9.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check)
/export/ssl 10.77.9.0/24(ro,sync,no_subtree_check)
/export/ssl/wildcard 10.77.9.0/24(ro,sync,no_subtree_check)

There is no firewall on the server. iptables is wide open. Server is 10.77.9.188 and client is 10.77.9.189. hosts.allow has ALL:ALL on the last line.

I have no trouble mounting the share on the client. But a member of the ssl-cert group (again, it IS GID 555 -- I made the group manually to ensure this) CANNOT enter the directory. They cannot read files in the directory. They cannot do anything with the share.

I have this trouble with Ubuntu 14.04, Ubuntu 16.04, and CentOS 7. I do not have any issues with Debian 8 or Debian 9 clients.

/etc/default/nfs-common has
NEED_IDMAPD=yes

/etc/default/nfs-kernel-server is stock; no changes.

I have this problem with NFSv4 servers on Debian 8 and Debian 9.

If I run the NFS server on Ubuntu 16.04, I can access it fine from Ubuntu clients and CentOS clients, but Debian clients have the same problem.

What am I missing? What can I do to further troubleshoot this? Is there any way to determine what mapping it THINKS is occurring?

Thanks.


Reply to: