Dino
2008-Jul-15 06:36 UTC
[zfs-discuss] Cannot share RW, "Permission Denied" with sharenfs in ZFS
Hi everyone,
I have just installed Solaris and have added a 3x500GB raidz drive array. I am
able to use this pool (''tank'') successfully locally, but when
I try to share it remotely, I can only read, I cannot execute or write. I
didn''t do anything other than the default ''zfs set sharenfs=on
tank''... how can I get it so that any allowed user can access the pool
read/write through nfs?
Here is some relevant information:
root at mosasaur:/# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
tank 1.36T 46.1G 1.31T 3% ONLINE -
root at mosasaur:/# zpool status
pool: tank
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
tank ONLINE 0 0 0
raidz1 ONLINE 0 0 0
c3t0d0 ONLINE 0 0 0
c3t1d0 ONLINE 0 0 0
c3t2d0 ONLINE 0 0 0
errors: No known data errors
root at mosasaur:/# zfs get all tank
NAME PROPERTY VALUE SOURCE
tank type filesystem -
tank creation Sat Jul 12 22:47 2008 -
tank used 30.7G -
tank available 882G -
tank referenced 30.7G -
tank compressratio 1.00x -
tank mounted yes -
tank quota none default
tank reservation none default
tank recordsize 128K default
tank mountpoint /tank local
tank sharenfs on local
tank checksum on default
tank compression off default
tank atime on default
tank devices on default
tank exec on default
tank setuid off local
tank readonly off default
tank zoned off default
tank snapdir hidden default
tank aclmode groupmask default
tank aclinherit secure default
tank canmount on default
tank shareiscsi off default
tank xattr on default
/etc/dfs/dfstab is empty
/etc/dfs/sharetab:
/tank - nfs rw
Now, when I try to mount this share from multiple boxes, I get
''Permission denied'' when I try to create/modify any file.
Mounting from a Linux box:
/etc/fstab
mosasaur:/tank /tank nfs4 rw,user 0 0
mount /tank
ls -al tank == drwxr-xr-x 7 4294967294 4294967294 8 2008-07-13 17:58 tank
mount shows:
mosasaur:/tank on /tank type
nfs4(rw,user=mac,addr=192.168.0.4,clientaddr=192.168.0.17)
# touch /tank/FILE
touch: cannot touch `file'': Permission denied
Mounting from a NetBSD box
/etc/fstab:
mosasaur:/tank /tank nfs rw 0 0
root# mount /tank
root# ls -al | grep tank
drwxr-xr-x 7 100 10 8 Jul 13 16:58 tank
root# mount | grep tank
mosasaur:/tank on /tank type nfs
root# touch /tank/FILE
touch: /tank/FILE: Permission denied
I dont get it at all, it is a completely stock configuration... Does anytone
have any idea why this isnt working and how I could fix it?
Thanks,
Dino
This message posted from opensolaris.org
Richard Elling
2008-Jul-15 16:33 UTC
[zfs-discuss] Cannot share RW, "Permission Denied" with sharenfs in ZFS
Dino wrote:> Hi everyone, > > I have just installed Solaris and have added a 3x500GB raidz drive array. I am able to use this pool (''tank'') successfully locally, but when I try to share it remotely, I can only read, I cannot execute or write. I didn''t do anything other than the default ''zfs set sharenfs=on tank''... how can I get it so that any allowed user can access the pool read/write through nfs? > > Here is some relevant information: > root at mosasaur:/# zpool list > NAME SIZE USED AVAIL CAP HEALTH ALTROOT > tank 1.36T 46.1G 1.31T 3% ONLINE - > > root at mosasaur:/# zpool status > pool: tank > state: ONLINE > scrub: none requested > config: > > NAME STATE READ WRITE CKSUM > tank ONLINE 0 0 0 > raidz1 ONLINE 0 0 0 > c3t0d0 ONLINE 0 0 0 > c3t1d0 ONLINE 0 0 0 > c3t2d0 ONLINE 0 0 0 > > errors: No known data errors > > root at mosasaur:/# zfs get all tank > NAME PROPERTY VALUE SOURCE > tank type filesystem - > tank creation Sat Jul 12 22:47 2008 - > tank used 30.7G - > tank available 882G - > tank referenced 30.7G - > tank compressratio 1.00x - > tank mounted yes - > tank quota none default > tank reservation none default > tank recordsize 128K default > tank mountpoint /tank local > tank sharenfs on local > tank checksum on default > tank compression off default > tank atime on default > tank devices on default > tank exec on default > tank setuid off local > tank readonly off default > tank zoned off default > tank snapdir hidden default > tank aclmode groupmask default > tank aclinherit secure default > tank canmount on default > tank shareiscsi off default > tank xattr on default > > /etc/dfs/dfstab is empty > > /etc/dfs/sharetab: > /tank - nfs rw > > > Now, when I try to mount this share from multiple boxes, I get ''Permission denied'' when I try to create/modify any file. > > Mounting from a Linux box: > /etc/fstab > mosasaur:/tank /tank nfs4 rw,user 0 0 > mount /tank > ls -al tank == drwxr-xr-x 7 4294967294 4294967294 8 2008-07-13 17:58 tank > mount shows: > mosasaur:/tank on /tank type nfs4(rw,user=mac,addr=192.168.0.4,clientaddr=192.168.0.17) > > # touch /tank/FILE > touch: cannot touch `file'': Permission denied > > > Mounting from a NetBSD box > /etc/fstab: > mosasaur:/tank /tank nfs rw 0 0 > root# mount /tank > root# ls -al | grep tank > drwxr-xr-x 7 100 10 8 Jul 13 16:58 tank > root# mount | grep tank > mosasaur:/tank on /tank type nfs > root# touch /tank/FILE > touch: /tank/FILE: Permission denied > > > I dont get it at all, it is a completely stock configuration... Does anytone have any idea why this isnt working and how I could fix it? >This is a NFS security feature which has been around for 15 years or so. By default, remote root users have the privileges of "nobody." If you want a remote root user to have privileges, you need to change the "rw" option. The ZFS Administration Guide, Chapter 1, covers such examples. http://www.opensolaris.org/os/community/zfs/docs/zfsadmin.pdf -- richard
Anton B. Rang
2008-Jul-15 19:03 UTC
[zfs-discuss] Cannot share RW, "Permission Denied" with sharenfs in ZFS
My first hunch would be to unmount the tank pool from /tank, and check the permissions of the /tank directory. You''ll see behavior like this if the directory on which an NFS-exported file system will be mounted is not world-readable before the mount. This message posted from opensolaris.org