[geeks] Clearly doing something wrong with nfs permissions

Phil Stracchino phils at caerllewys.net
Tue Jan 11 12:07:48 CST 2022


So it turns out that enough has changed between Solaris 
11.4 that there are apparently additional things I need to do on 11.4 to 
set up NFS shares and mount them on Linux.

For example consider the following:

epsilon3:root:/home/alaric:135 # zfs get -e share.all rpool/home | grep -v 'default$'
NAME        PROPERTY                            VALUE        SOURCE
rpool/home  share.nfs                           on           local
rpool/home  share.nfs.sec.default.root          10.24.32.10  local
rpool/home  share.nfs.sec.default.rw            10.24.32.10  local
rpool/home  share.nfs.sec.sys.root              10.24.32.10  local
rpool/home  share.nfs.sec.sys.rw                10.24.32.10  local
rpool/home  share.point                         /home        local
rpool/home  share.protocols                     nfs          local


I can mount this on the Linux box at 10.24.32.10:

babylon5:root:~:75 # mount -t nfs4 -o rw,rsize=16384,wsize=16384,soft,suid,tcp,noatime,_netdev,nofail epsilon3:/home /mnt/epsilon3

babylon5:root:~:76 # mount
[...]
epsilon3:/home on /mnt/epsilon3 type nfs4 (rw,noatime,vers=4.0,rsize=16384,wsize=16384,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.24.32.10,local_lock=none,addr=10.24.32.5,_netdev)

Yet it's still mounted read-only:
babylon5:root:~:77 # touch /mnt/epsilon3/test
touch: cannot touch '/mnt/epsilon3/test': Read-only file system


Another example:

epsilon3:root:/home/alaric:136 # zfs get -e share.all rpool/pdata | grep -v 'default$'
NAME         PROPERTY                            VALUE        SOURCE
rpool/pdata  share.nfs                           on           local
rpool/pdata  share.nfs.sec.default.root          10.24.32.10  local
rpool/pdata  share.nfs.sec.default.rw            10.24.32.10  local
rpool/pdata  share.nfs.sec.sys.root              10.24.32.10  local
rpool/pdata  share.nfs.sec.sys.rw                10.24.32.10  local
rpool/pdata  share.point                         /pdata       local
rpool/pdata  share.protocols                     nfs          local

epsilon3:root:/home/alaric:141 # ls -ld /home /pdata
drwxr-xr-x  3 root root  3 Jan 11 11:07 /home/
drwxr-xr-x 16 root root 16 Jan  2 22:08 /pdata/

babylon5:root:~:80 # mount -t nfs4 -o rw,rsize=16384,wsize=16384,soft,suid,tcp,noatime,_netdev,nofail epsilon3:/pdata /mnt/pdata
mount.nfs4: access denied by server while mounting epsilon3:/pdata


On 11.3, all I needed was share.nfs.sec.sys.rw, share.nfs.sec.sys.root, 
and share.nfs=on.  (And of course zfs share <filesystem>.)

Clearly I am missing something, but I don't understand what.  Can anyone 
point out the error of my ways?



-- 
   Phil Stracchino
   Babylon Communications
   phils at caerllewys.net
   phil at co.ordinate.org
   Landline: +1.603.293.8485
   Mobile:   +1.603.998.6958

