NFSv4 without Kerberos and permissions
I recently set up an NFS v4 server on debian stretch. If I use a debian
client to mount the share, everything works fine. However, if I use a
CentOS or a Ubuntu client, the permissions don't work.
I have synchronized the group ids manually, and that's the only
permissions I'm interested in.
I have a directory structure like this:
/export/ssl/wildcard is chmod 2750 with root:ssl-cert as its owner.
root user is uid 0, ssl-cert is gid 555.
My exports file looks like this:
There is no firewall on the server. iptables is wide open. Server is
10.77.9.188 and client is 10.77.9.189. hosts.allow has ALL:ALL on the
I have no trouble mounting the share on the client. But a member of the
ssl-cert group (again, it IS GID 555 -- I made the group manually to
ensure this) CANNOT enter the directory. They cannot read files in the
directory. They cannot do anything with the share.
I have this trouble with Ubuntu 14.04, Ubuntu 16.04, and CentOS 7. I do
not have any issues with Debian 8 or Debian 9 clients.
/etc/default/nfs-kernel-server is stock; no changes.
I have this problem with NFSv4 servers on Debian 8 and Debian 9.
If I run the NFS server on Ubuntu 16.04, I can access it fine from
Ubuntu clients and CentOS clients, but Debian clients have the same problem.
What am I missing? What can I do to further troubleshoot this? Is there
any way to determine what mapping it THINKS is occurring?