Hi,
I have set up nfs server and and it works fine. The folders I want to share appear on the other machines, but I have a permission problem. I have given the shares I wanted to be accessible for other users/guest a 777. On one share this works fine, but on a Ubuntu box, the share is not possible to write to. Can anybody tell me where to look for setting the permissions right?
DAg R
Without any technical information not many people (magicians excepted) will be able to help you.
On the NFS server:
cat /etc/exports
and
ls -ld <of each exported directory>
On the client(s)
grep nfs /etc/fstab
and
ls -ld <of the mount point(s)>
would be good starter.
OK. Here it is!
server:
dag@opensuse:~> cat /etc/exports
/home/dag/Music *(ro,root_squash,sync,no_subtree_check)
/home/dag/Public *(ro,root_squash,sync,no_subtree_check)
/home/dag/Downloads 192.168.1.5(ro,root_squash,sync,no_subtree_check)
dag@opensuse:~> ls -ld /home/dag/Downloads
drwxrwxrwx 2 dag users 56 Jun 7 21:27 /home/dag/Downloads
dag@opensuse:~> ls -ld /home/dag/Music
drwxr-xrwx 91 dag users 8192 Jun 7 21:27 /home/dag/Music
dag@opensuse:~> ls -ld /home/dag/Public
drwxrwxrwx 3 dag users 20 Jun 9 14:12 /home/dag/Public
client:
grep nfs /etc/fstab:
192.168.1.6:/home/dag/Downloads /home/dag/nedlastninger@opensuse nfs4 rsize=8192, wsize=8192, timeou=14, initr
dag@AONE:~$ sudo ls -ld /home/dag/nedlastinger@opensuse
drwxrwxrwx 2 dag users 56 juni 7 21:27 /home/dag/nedlastinger@opensuse
ps. It is the Downloads folder which is most interesting to me why it fails (or I fail) to make writeable.
Dag R
When your problem is that you can not write to the NFS mounted file system on the client, that is rather obvious to me. You have exported it read-only!
PS, I have send you a PM about the using of CODE tags in posts.
Thanx. I removed the “ro” in Yast on the shared folders (nfs server). Do I have to do something more than save this in the program? Because I just saved the right parameters, but the lock has not gone from the mounted folders.
Dag R
I should assume that YaST, being your helper, should reexport the directories when you change something. But it does not hurt to do this yourself
man exportfs
explains you that you should use
exportfs -r
to reexport all directories. And that is what should be done when something changed I assume. (as root of course).
BTW, I doubt that having the permissions set to rwxrwxrwx is a very secure setting 
I have done as you instructed me, but it still does not work. Is the somewhere else the permission can be set?
Dag R
Hm, it could be that /home/dag on the client has a different owner then /home/dag on the server. The username dag is not the deciding factor here. The useriid (UID) is.
Please show
ls -dln /home/dag
on both the server and the client.
Hi,
the output is as follows, client:
drwxr-xr-x 34 1000 1000 4096 juni 11 21:49 /home/dag
server:
drwxr-xr-x 24 1000 100 4096 june 13 10:46 /home/dag
It is a pity that you seem not to be able to answer more then once every 24 hours. That does not speed up the discussion 
As you see from your listing the groupname users has in one system the GID 1000 and in the other one 100. Which means that they are in fact different groups. That is something that will hamper cross system ownership/permissions. The usage of NFS assumes a rather tight connection between the systems involved, special in the aspect of user/group administration. That is the reason why, in bigger shops (many systems, users, groups) a centralized user/group administration system like NIS is preferred.
In your case (two or maybe three systems) doing this without things like NIS is not to difficult, but it must be done. Thus my advice is to synchronize this. Users and groups that are supposed to represent the same human (or logical) users and their grouping should have the same UID resp. GID (and preferable the same, unique over all systems, username/groupname to avoid confuson).
Changing a GID (e.g. from 100 to 1000) is however something that should be planed and executed carefully.
Apart from this, I have another check that you can do: see if the mount is not read-only on the client:
mount | grep nfs
I will check in to see yout reply and respond quickly:)
dag@AONE:~$ mount | grep nfs
192.168.1.6:/home/dag/Public on /home/dag/public@opensuse type nfs4 (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.5,local_lock=none,addr=192.168.1.6)
192.168.1.6:/home/dag/Downloads on /home/dag/nedlastinger@opensuse type nfs4 (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.5,local_lock=none,addr=192.168.1.6)
Can you see anything in here which tells that the folders are read only?
Dag R
Mounted rw (as it should be).
Let us try the following to illustrate that you can not write in that directory (until now we only have your story, but no computer facts on that):
cd /home/dag/public@opensuse
ls -l
touch somefile
ls -l somefile
dag@AONE:~$ cd public@opensuse/
dag@AONE:~/public@opensuse$ touch tread
touch: cannot touch ‘tread’: Read-only file system
dag@AONE:~/public@opensuse$ ls -l tread
-rw-r--r-- 1 dag users 51 juni 13 10:55 tread
This gives me some uncertaincies :(, but when tread already exists, the errorr message is rather clear, but I can not explain it because the mount output shows otherwise.
Another point of failure here came to my mind. On the server the file system that contains /home/dag/Public may itself be read-only. Not likely, but it is easy to check. Is that /home on the server?
OK. I try one more time:
dag@AONE:~$ cd /home/dag/public@opensuse/
dag@AONE:~/public@opensuse$ ls -l
total 4
drwxrwxrwx 5 dag users 63 mai 15 11:56 serier
-rw-r--r-- 1 dag users 51 juni 13 10:55 tread
dag@AONE:~/public@opensuse$ touch tread
'touch: cannot touch ‘tread’: Read-only file system
dag@AONE:~/public@opensuse$ ls -l tread
-rw-r--r-- 1 dag users 51 juni 13 10:55 tread
I chose tread because I just made this file and copied (on the server) to the folder. I did not make any big thinking before I chose that file.
What do you mean by “Is that /home on the server?”
1-2 Thanks.
3. I did not give you any choice, I asked for
touch somefile
not for
touch tread
No need to re-do that now, but please in the future either do what people ask you (they have thought over it), or explain why you are not able or willing to do that (you are free to do that, after that it is your system and your reponsibility). But pease do not deviate without saying anything, that is frustrating for the helpers.
The error says: read-only file system. As we know that on the client the NFS mounted file system is not read-only (but rw), I thought about the file system on the server.
On the server you are exporting /home/dag/Downloads. That directory is of course inside a fiile system. Which file system? Most probably it is in the file system mounted as /home on the server. But that is only an assumption. Only you know (or can find out) if it is the file sysem on / (most unprobable), /home (very probable) or if /home/dag is a file system on it’s own (possible) or even that /home/dag/Downloads is a file sysem of it’s own (also possible). When you have no idea, on the server:
mount | grep home
will give you the needed information.
It will btw also tell us if the file system we are looking for is mounted read-only or not.
==================
I am going to re-read this whole thread (after alll we are now in it for three days already, easy to forget information that was given three days ago). I have the idea that I am missing something (those GIDs of 1000 vs. 100 do confuse me).
Also in your first post there is confusing (for me) information:
On one share this works fine, but on a Ubuntu box, the share is not possible to write to
Here you compare a “share” with a “box”. Now I am not sure about what a “share” is (as far as I know it is Microsoft lingo and maybe applicable when you use SAMBA), but I do not see a “share” as sort of box to be compared with an Ubuntu box).
So please explain which export - mount combinations work on which client system(s) (if you have more).
Also take note of the fact that while Ubuntu should of course also be able to mount NFS exports, I have no detailed knowledge of Ubuntu. All I input above is based on general Unix/Linux knowledge and some extra openSUSE experience.
Touch somefile. I thought you had to have an existing file. You must understand that a lot of the linux users on this forum is both newbies and have not engilsh as the first language. In code examples it often refers to sdx or your nameofyourhomefolder. What is an example or a real/concrete instruction, can some times be difficult to understand,
dag@opensuse:~> mount | grep home
/dev/sdb3 on /home type xfs (rw,relatime,attr2,inode64,noquota)
Also in your first post there is confusing (for me) information:
On one share this works fine, but on a Ubuntu box, the share is not possible to write to
I double checked this last night. It is the same on the second client machine. Something fooled med to believe it worked there, but it is the same, and the user/group is also 1000 and 100
(those GIDs of 1000 vs. 100 do confuse me).
Back to this one.
Did you read
man exportfs
There it says:
rw
Allow both read and write requests on this NFS volume. The default is to disallow any request which changes the filesystem. This can also be made explicit by using the ro option.
Thus you must have rw as an option to make it read-write. When I take your text above literaly, you only have removed ro. That is NOT enough.
OK, I understand. I normaly do then something like <somefilename> and explain extra that that should be replaced by something applicable. But not everybody is that specific And it wouldn’t have been that important in this case when you had not left out the ls -l.
So that is OK, but my post above might be more important for a solution now. Specialy because it is now clear that all client “boxes” suffer from the same as you mention below:
Yeah. Now it seems to work. I will check this thoroughly, but it seems to work now. I have one more question concerning security on the server:
BTW, I doubt that having the permissions set to rwxrwxrwx is a very secure setting
Do you have a preposition to better way to set the permissions?
