CentOS - Oct 2017 - home on nfs

Jonathan Billings <billings at negate.org> writes:
> On Oct 28, 2017, at 23:15, hw <hw at adminart.net> wrote:
>> 
>> Jonathan Billings <billings at negate.org> writes:
>> 
>>>> On Oct 27, 2017, at 10:21, hw <hw at adminart.net> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> I have the home directory of a user on an nfs server and mount
it on a
>>>> client.  When the user logs in, they end up in the root
directory rather
>>>> than in their actual home directory and need to cd into it.
>>>> 
>>>> The user can read and write to their home directory, so it
kinda works
>>>> fine --- but only kinda.  When the user starts emacs, some of
the
>>>> settings in ~/.emacs are not applied, but the saved desktop is
being
>>>> loaded.
>>>> 
>>>> Both machines are running Centos 7.4.  What could be wrong with
the nfs
>>>> mount?
>>> 
>>> Sounds like you haven?t set the selinux Boolean for NFS homedirs. 
>>> setsebool -P use_nfs_home_dirs 1
>> 
>> Oh, indeed, I didn?t know that I need to do that.
>> 
>> Do I do this on the client or on the server or both?
>
> Just the client. 
Thanks, I tried that and it works now :)


-- 
"Didn't work" is an error.

> -----Original Message-----
> From: hw [mailto:hw at adminart.net]
> Sent: Monday, October 30, 2017 12:02 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] home on nfs
> 
> Jonathan Billings <billings at negate.org> writes:
> 
> > On Oct 28, 2017, at 23:15, hw <hw at adminart.net> wrote:
> >>
> >> Jonathan Billings <billings at negate.org> writes:
> >>
> >>>> On Oct 27, 2017, at 10:21, hw <hw at adminart.net>
wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> I have the home directory of a user on an nfs server and
mount it on a
> >>>> client.  When the user logs in, they end up in the root
directory rather
> >>>> than in their actual home directory and need to cd into
it.
> >>>>
> >>>> The user can read and write to their home directory, so it
kinda works
> >>>> fine --- but only kinda.  When the user starts emacs, some
of the
> >>>> settings in ~/.emacs are not applied, but the saved
desktop is being
> >>>> loaded.
> >>>>
> >>>> Both machines are running Centos 7.4.  What could be wrong
with the nfs
> >>>> mount?
> >>>
> >>> Sounds like you haven?t set the selinux Boolean for NFS
homedirs.
> >>> setsebool -P use_nfs_home_dirs 1
> >>
> >> Oh, indeed, I didn?t know that I need to do that.
> >>
> >> Do I do this on the client or on the server or both?
> >
> > Just the client.
> 
> Thanks, I tried that and it works now :)
> 
If you find that the problem comes back in the near future (or perhaps check as
a preventative), you should look to see if the client machine is using the
'soft' mount option instead of 'hard,intr' on the home dirs.  A
few years ago it took me better than a month to figure out that some other admin
had (on some machines) thought that using soft would cause less waiting on
reboots, but we found that the side effect on home directories was corrupt data
and strange issues on user login. (soft can work OK if there is a longish
timeout between mount request and mount use, but if it is quick like autofs at
login, then soft falls down.)

--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the
terms of any contract.

On Mon, 30 Oct 2017 17:02:08 +0100
hw <hw at adminart.net> wrote:
> Jonathan Billings <billings at negate.org> writes:
> 
> > On Oct 28, 2017, at 23:15, hw <hw at adminart.net> wrote:  
> >> 
> >> Jonathan Billings <billings at negate.org> writes:
> >>   
> >>>> On Oct 27, 2017, at 10:21, hw <hw at adminart.net>
wrote:
> >>>> 
> >>>> Hi,
> >>>> 
> >>>> I have the home directory of a user on an nfs server and
mount
> >>>> it on a client.  When the user logs in, they end up in the
root
> >>>> directory rather than in their actual home directory and
need to
> >>>> cd into it.
> >>>> 
> >>>> The user can read and write to their home directory, so it
kinda
> >>>> works fine --- but only kinda.  When the user starts
emacs, some
> >>>> of the settings in ~/.emacs are not applied, but the saved
> >>>> desktop is being loaded.
> >>>> 
> >>>> Both machines are running Centos 7.4.  What could be wrong
with
> >>>> the nfs mount?  
> >>> 
> >>> Sounds like you haven?t set the selinux Boolean for NFS
homedirs.
> >>> setsebool -P use_nfs_home_dirs 1  
> >> 
> >> Oh, indeed, I didn?t know that I need to do that.
> >> 
> >> Do I do this on the client or on the server or both?  
> >
> > Just the client.   
> 
> Thanks, I tried that and it works now :)
An alternative (quite possibly less mature) is to export the nfs mount
with "security_level" and make sure to mount with version 4.2.

This will instead make NFS handle the security contexts and allow the
nfs mount to work as any other selinux compatible file system.

Afaict this should work on 7.4 but I've only ever tried it on Fedora.

/Peter

"Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS"
<todd.denniston at navy.mil> writes:
>> -----Original Message-----
>> From: hw [mailto:hw at adminart.net]
>> Sent: Monday, October 30, 2017 12:02 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] home on nfs
>> 
>> Jonathan Billings <billings at negate.org> writes:
>> 
>> > On Oct 28, 2017, at 23:15, hw <hw at adminart.net> wrote:
>> >>
>> >> Jonathan Billings <billings at negate.org> writes:
>> >>
>> >>>> On Oct 27, 2017, at 10:21, hw <hw at
adminart.net> wrote:
>> >>>>
>> >>>> Hi,
>> >>>>
>> >>>> I have the home directory of a user on an nfs server
and mount it on a
>> >>>> client.  When the user logs in, they end up in the
root directory rather
>> >>>> than in their actual home directory and need to cd
into it.
>> >>>>
>> >>>> The user can read and write to their home directory,
so it kinda works
>> >>>> fine --- but only kinda.  When the user starts emacs,
some of the
>> >>>> settings in ~/.emacs are not applied, but the saved
desktop is being
>> >>>> loaded.
>> >>>>
>> >>>> Both machines are running Centos 7.4.  What could be
wrong with the nfs
>> >>>> mount?
>> >>>
>> >>> Sounds like you haven?t set the selinux Boolean for NFS
homedirs.
>> >>> setsebool -P use_nfs_home_dirs 1
>> >>
>> >> Oh, indeed, I didn?t know that I need to do that.
>> >>
>> >> Do I do this on the client or on the server or both?
>> >
>> > Just the client.
>> 
>> Thanks, I tried that and it works now :)
>> 
>
> If you find that the problem comes back in the near future (or perhaps
> check as a preventative), you should look to see if the client machine
> is using the 'soft' mount option instead of 'hard,intr' on
the home
> dirs.  A few years ago it took me better than a month to figure out
> that some other admin had (on some machines) thought that using soft
> would cause less waiting on reboots, but we found that the side effect
> on home directories was corrupt data and strange issues on user
> login. (soft can work OK if there is a longish timeout between mount
> request and mount use, but if it is quick like autofs at login, then
> soft falls down.)
Thanks for the warning --- I?ll change it accordingly for just in case.
Corrupted data is bad ...