Permission Problems Accessing Server-based NFS Share
Help! I want to set up my home network so that I can access my files stored on the server (Mandrake 8.0) from my client machine (RedHat 7.3) using NFS. I configured /etc/export on the server side and made certain that both nfs-utils and portmap were running on the server. I proceeded to mount the exported directory at a mount point I set up on the client machine without a problem. But, when I tried to access an exported NFS share on my server machine from my client machine, I got a "permission denied" error message. On accessing the client-side mount point, I see the subdirectories but they are noted to be locked. I was eventually able to get access to the directory but only by going into the server and enabling read, write and execute privileges for "others." Might someone out there have another solution? Is there something else I can do to solve this problem without having to leave read, write and execute privileges on the directory to such a broad class of users? Jim
On Wed, Jun 12, 2002 at 10:46:03PM -0400, James E. Rame wrote: rame620> But, when I tried to access an exported NFS share on my server machine rame620> from my client machine, I got a "permission denied" error message. On rame620> accessing the client-side mount point, I see the subdirectories but they rame620> are noted to be locked. Are you trying to access files as root on the client? By default, the NFS server "squashes" root privileges for security. If it didn't, then the server would be completely open to attack by insecure NFS clients. Imagine copying a setuid shell to an NFS share from a client as root, and then logging into the server as a normal user and gaining root by running that shell you just copied there... You should use another user to access the files, or put them into a group and give group read/write access. If you REALLY want to run an insecure NFS setup, you can turn off root squashing by adding an option to /etc/exports on the server: /exported/directory 192.168.0.1(ro,no_root_squash) For read-only access, this isn't so bad. -- Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/ PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886
participants (2)
-
Charles R. Anderson
-
James E. Rame