Not sure why, but since installing 15.1 (IINM) I can’t write to a NFS share from the client.
I have only one writable share on the server and 4 client boxes that access it.
Three of the boxes have the same user as the server, but none can write. All can read and copy files.
On the server side (only writable share shown):
:~> cat /etc/exports
/home/brunomcl/Gravados/Publico *(rw,root_squash,sync,no_subtree_check)
:~> ls -l ~/Gravados
drwxrwxrwx 11 brunomcl users 4096 jan 21 18:24 Publico
On one of the 3 boxes:
192.168.0.8:/home/brunomcl/Gravados/Publico /home/brunomcl/Shares/Publico nfs soft,noauto,rw,users,timeo=100,retrans=200 0 0
On the 4th client side:
192.168.0.8:/home/brunomcl/Gravados/Publico /home/juliana/Shares/Publico nfs noauto,users 0 0
On one of the three boxes with the same user:
:~/Shares> ls -l
drwxrwxrwx 11 brunomcl users 4096 jan 21 18:24 Publico
I don’t have access to the 4th box right now, but the mount point is under user juliana’s home, and has normal permissions, something like:
drwxr-xr-x 5 juliana users 236 jan 21 17:30 Publico
What am I not seeing?
TIA,
Bruno
Well, as you can see there are differences in the permissions. Change juliana’s permissions on Publico to rwxrwxrwx and see if that helps.
Thanks Knurpht. No joy - actually I really didn’t expect it to work, as the other client box has these folder permissions already, but your suggestion started me thinking about authentication.
It IS a permissions (or better, authentication) issue, because if disable NFSv4 with Yast on both server and client I can write to the share from all boxes.
In Yast GSS security is disabled, and NFSv4 domain name is the default localdomain on both server and client.
So, my question is: why can I read but not write with NFSv4?
There’s a summary in the Reference Handbook: <https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha-nfs.html#sec-nfs-overview>.
The list of differences between NFSv3 and NFSv4.x is not small but, the Handbook provides what you may be looking for:
NFSv3NFSv3 is the version 3 implementation, the “old” stateless NFS that supports client authentication.
NFSv4NFSv4 is the new version 4 implementation that supports secure user authentication via Kerberos. NFSv4 requires one single port only and thus is better suited for environments behind a firewall than NFSv3.
The protocol is specified as RFC 3530 - Network File System (NFS) version 4 Protocol.
Please note that, despite NFSv4 supporting Kerberos, it doesn’t need Kerberos – provided the UIDs and GIDs on the Server and Clients are synchronised, NFSv4 does run satisfactorily without Kerberos …
Well, I have exactly the same username, uid and gid in both machines:
Server:
brunomcl@bruno-03:~> id
uid=1000(brunomcl) gid=100(users) grupos=100(users),463(vboxusers),491(cdrom)
brunomcl@bruno-03:~>
Client:
brunomcl@linux-7dfm:~> id
uid=1000(brunomcl) gid=100(users) grupos=100(users),463(vboxusers),491(cdrom)
brunomcl@linux-7dfm:~>
And it didn’t work. But there is a reference to idmap worth checking. For now I’ll stay with v3, and research this when I have some time.
Thanks dcurtisfra.