-2

I'm trying to share a NFS mount among multiple users. I can't get it to work, because I always get access denied. I can mount the shares, but I can't see the files.

The export is made through Heartbeat+Pacemaker. I don't think that makes the difference, but here's the export config:

primitive exports_nfs_proys ocf:heartbeat:exportfs \
params rmtab_backup="none" directory="/export/proyectos" clientspec="172.16.54.0/24" options="rw,async,no_subtree_check,insecure,root_squash" fsid="2" \
op monitor interval="30s" \
op start interval="0" timeout="240s"

So I mount the NFS share:

jorge.suarez@decp1304:~$ sudo mount -t nfs4 172.16.54.56:/proyectos/innovacion /mnt
jorge.suarez@decp1304:~$ cd /mnt
bash: cd: /mnt: Permission denied

On the client:

$ stat /mnt
File: «/mnt»
Size: 3896          Blocks: 0          IO Block: 1048576 directorio
Device: 19h/25d Inode: 131542      Links: 2
Access: (6770/drwsrws---)  Uid: (65534/  nobody)   Gid: ( 3001/proyecto-innovacion)
Access: 2012-08-23 14:47:53.953641353 +0200
Modify: 2012-08-23 14:47:53.263610391 +0200
Change: 2012-08-23 14:47:53.263610391 +0200

jorge.suarez@decp1304:/$ getent group | grep proyecto-innovacion
gproyecto-innovacion:*:3001:diego,felix,jorge.suarez,maria
jorge.suarez@decp1304:/$ getent passwd | grep jorge.suarez
jorge.suarez:*:4004:2000:Jorge Suárez de Lis:/home/remoto/jorge.suarez:/bin/bash

On the server:

root@ctserv01:/# stat /export/proyectos/innovacion
  File: «.»
  Size: 3896        Blocks: 0          IO Block: 4096   directorio
Device: fb04h/64260d    Inode: 131542      Links: 2
Access: (6770/drwsrws---)  Uid: (65534/  nobody)   Gid: ( 3001/proyecto-innovacion)
Access: 2012-08-23 14:47:53.953641353 +0200
Modify: 2012-08-23 14:47:53.263610391 +0200
Change: 2012-08-23 14:47:53.263610391 +0200

root@ctserv01:/# getent group | grep proyecto-innovacion
proyecto-innovacion:*:3001:diego,felix,jorge.suarez,maria
root@ctserv01:/# getent passwd | grep jorge.suarez
jorge.suarez:*:4004:2000:Jorge Suárez de Lis:/home/remoto/jorge.suarez:/bin/bash

So, I'm doing something wrong, but all seems OK here. The UID/GID are matching on client and server.

If I set the directory permissions to 777 I can access, read and write the directory, but I want to restrict this just to some users so that's not an accepted solution.

4

1 回答 1

0

确保在服务器和客户端上禁用 SELinux

确保在导出中使用以下选项

rw,sync,no_root_squash

确保您允许正确的子网或主机名等。

于 2012-08-23T14:00:14.873 回答