I exported an NFS share from a server and mounted it from a client. I got permission denied errors when I tried to access it, wondered why. Made the export world-writable, created a file there, and it turned out that the client accesses it with a different user than I would expect.
My export:
/export fd48:2b50:6a95:a6db::4(ro,no_subtree_check,fsid=0,all_squash)
/export/backup-fs fd48:2b50:6a95:a6db::4(rw,no_subtree_check,root_squash,anonuid=34,anongid=34)
(Note: public IP addresses changed to private for privacy reasons.)
The intention here is to do root_squash, BUT the client's root user should be squashed to the local UID 34 (backup user); this is the purpose of anonuid, anongid. Thus, if the export is owned by UID/GID 34, the client's root user should be treated as it would be an owner of it. Yet when I create a file on the share, it gets owned by nobody/nogroup. Why? Everything matches between the two systems: both has UID/GID 34 and both named backup.
Also I had to change /export to rw, which doesn't really make sense to me, because I want the export root to be read-only and only the subdir backup-fs writable.
Server system:
Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-81-generic x86_64)
This is how the mount looks like on the client:
my-nfs-server:/backup-fs on /var/backups/fs/data type nfs4 (rw,relatime,vers=4.2,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp6,timeo=600,retrans=2,sec=sys,clientaddr=fd48:2b50:6a95:a6db::4,local_lock=none,addr=fdc8:d5f9:cbbf:b206::2001)
What particularly puzzles me is that I have THIS EXACT SAME config on another NFS server and I mount it WITH THE VERY SAME client and it works as intended. I can't find any difference between the two configurations, albeit I have an older Ubuntu and associated kernel version on the other system.
0 Answers