Home / server / Questions / 240897
Accepted
Darren
Asked: 2011-02-28 10:12:29 +0800 CST

How to properly set permissions for NFS folder? Permission denied on mounting end.

  • 772

I'm trying to connect to an NFS folder on my dev server. The owner of the folder on the dev server is darren and group darren.

When I export and mount it to my Mac using the Disk Utility it mounts, but then when I try to open the folder is says I do not have permissions. I have set rw, sync, and no_subtree_check. The user on the Mac is darren with a bunch of groups.

Do I need to have the same group and user set to access the folder?

linux ubuntu nfs

5 Answers

  1. Best Answer

    NFS is built on top of RPC authentication. With NFS version 3, the most common authentication mechanism is AUTH_UNIX. The user id and group id of the client system are sent in each RPC call, and the permissions these IDs have on the file being accessed are checked on the server. For this to work, the UID and GIDs must be the same on the server and the clients. However, you can force all access to occur as a single user and group by combining the all_squash, anonuid, and anongid export options. all_squash will map all UIDs and GIDs to the anonymous user, and anonuid and anongid set the UID and GID of the anonymous user. For example, if your UID and GID on your dev server are both 1001, you could export your home directory with a line like

    /home/darren 192.168.1.1/24(rw,all_squash,anonuid=1001,anongid=1001)

    I'm less familiar with NFS version 4, but I think you can set up rpc.idmapd on the clients to alter the uid and gid they send to the server.

    • 93

  2. When you mount NFS, your permissions you're mounting it with must match up with what you have on the server. For example, if your user has only read-only access, mounting it with read-write will cause you to see the same errors you mentioned in your post when you try to actually load the mount. Unfortunately, this will ONLY show up when accessing the folder, not when you actually mount it.

    You also want to make sure that the user NFS is running as on the server and the user on the client are using the same UID and GID. You can check these values by running id darren on both the server and the client. If the UID and GID values do not match up, you can edit /etc/passwd to make it so — but make sure you understand what you're doing before arbitrarily changing values!

    Some good sources:

    I hope this helps!

    • 29

  3. Do your UIDs and GIDs match on both servers? That's what it's using to control access and not the login and group name.

    • 3

  4. Example on how to mount a NFS share on Ubuntu Eoan as a server and MacOS Catalina as a client.

    Example assumptions (you need to adapt this):

    Client PC name: Bills-MBP

    (Press Cmd+Space, start 'terminal', there something like bill@Bills-MBP: is written as a prompt. Use what's written between the @ and the : as client PC name further below).

    Username in Ubuntu: tux

    (Press the penguin-key on your keyboard, if you have none, order a penguin keyboard sticky and place it over the ugly key with four mis-shaped squares near the space bar. Enter "terminal", start the terminal, the user name will be shown before the @ sign in the prompt. E.g. "tux@dustycray:")

    PC name of Ubuntu: dustycray

    (Can be found out like shown above.)

    Folder on Ubuntu to be shared: /home/tux/mp3

    Use whatever folder you need to share as absolute path

    On the NFS-Server (Ubuntu EOAN in my case) enter in the terminal (which we opened as shown above):

    id -u tux
# remember the number, use it below as anonuid (replace the 1000 there)
id -g tux
# remember the number, use it below as anongid (replace the 1001 there)
sudo nano /etc/exports
# At the end of the file add the following line, replace the path name, the Client PC Name and the two numbers with your values:
/home/tux/mp3 Bills-MBP(rw,sync,insecure,all_squash,anonuid=1000,anongid=1001)
#leave with ctrl+x and confirm file saving
sudo exportfs -ra

    Now on the mac, open a terminal as shown above and enter (leave /private/nfs as it is):

    sudo make /private/nfs
#Replace the ubuntu pc name (dustycray) and the path (home ...) by your's now:
sudo mount -t nfs -o resvport,rw dustycray:/home/tux/mp3 /private/nfs

    Then the NFS can be accessed in the path /private/nfs. In finder you will see a new entry called (e.g.) "dustycray" on the left in the section "locations", also in file-open dialogs.

    Above's mount procedure is not permanent, I use a script to mount it whenever I need it. However, you can also make the mount permanent if you like (e.g. System preferences / Users&Groups / Login Items / + / Select any root folder within (!) the NFS share / Add).

    • 0

  5. For me the issue was fixed by providing _netdev mounting option on client.

    I.e. add this to /etc/fstab:

    nfs-server:/   /mnt   nfs4    _netdev,auto  0  0
    • -3