NFSv4 permissions issues

Joe Auty joe at netmusician.org
Sun Aug 1 01:07:47 UTC 2010 

Rick Macklem wrote:
> From: "Joe Auty" <joe at netmusician.org>
>   
>> To: freebsd-fs at freebsd.org
>> Sent: Wednesday, July 28, 2010 3:31:25 AM
>> Subject: NFSv4 permissions issues
>>
>> Hello,
>>
>> In FreeBSD 8.1 when mounting an NFSv4 share (hosted by Solaris 10/ZFS) I
>> cannot create or alter any files on this share nor any other share
>> mounted from this same ZFS server. When I try to do so I get permission
>> denied error messages. This same share does not give me any problems
>> when mounted with identical mount options except for specifying NFSv3
>> rather than NFSv4... i.e.
>>
>> mount -t nfs -o rw,tcp,intr,noatime,nfsv3 myip:/path /path
>>
>> works fine, and:
>>
>> mount -t nfs -o rw,tcp,intr,noatime,nfsv4 myip:/path /path
>>
>> exhibits the above problems...
>>
>>
>> Any idea why this is so and what I ought to do to test using NFSv4 on
>> this machine?
>>     
>
> 1 - look to see if the username/groupname mappings are working. (NFSv4
> uses name and not#s.)
>     - just do an "ls -lg" on some NFSv4 mounted dir. to see if they
>       look ok. (lotsa "nobdy"'s --> busted) If it's busted, look at
>       the setup of nfsuserd and the "domain" specified, which is
>       usually the domain part of the host's name, but can be overridden
>       by a flag option on nfsuserd and in a config file on Solaris10.
>
> 2 - Make sure you user/group names and uid/gid numbers are consistent
>       between client and server. NFSv4 always specifies the groupname
>       of a newly created file object, so those groups/gids must be
>       correct.
>
> If the above doesn't resolve it, look at a snoop trace for the failed
> access and see what the user/group names (and uid/gid #s in the RPC
> header) look like.
>
> This is most likely something related to the user/group name and
> number mapping, rick
>   

At the time the user/groups were showing up as root:joe. Doing a chown
as root would not generate an error message, it just simply did not
work. There are no numbers appearing the user/group assignments, and
these same permissions work fine when the share is mounted as NFSv3, for
whatever reason. Because I gave root read and write permissions, I
should be able to change the permissions to whatever I want on the
client end, right?

Is snoop trace an strace?



-- 
Joe Auty, NetMusician
NetMusician helps musicians, bands and artists create beautiful,
professional, custom designed, career-essential websites that are easy
to maintain and to integrate with popular social networks.
www.netmusician.org <http://www.netmusician.org>
joe at netmusician.org <mailto:joe at netmusician.org>

More information about the freebsd-fs mailing list