NFSv4 + Kerberos permission denied
John Marshall
john.marshall at riverwillow.com.au
Fri Feb 8 01:37:41 UTC 2013
On 08/02/2013 01:05, Janusz Bulik wrote:
> Hello,
> I've got a little problem with NFSv4 + Kerberos. I can do a mount with
> Kerberos with a valid ticket, but read-only.
> After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/
> I got "Permission denied" message when I try to mkdir or rm. As a root
> mount and as a user mount (sysctl vfs.usermounts=1).
> With -sec=sys it works read-write, but with -sec=krb5 read-only..
Am I right in supposing that you have never had this working?
What you describe sounds symptomatic of nfsuserd not running - see
nfsv4(4). sec=sys doesn't need nfsuserd to "work" but sec=krb5 does. If
you mount with sec=krb5 and "ls -l /mount_test/" do you see in the
listing the user and group names you expect, or just a bunch of numbers?
The read-only access is probably what the filesystem permissions allow
to "other" because, without nfsuserd, it can't map your kerberos
principal to a uid.
Of course, I could be wrong...
--
John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20130208/7912dd4b/attachment.sig>
More information about the freebsd-stable
mailing list