Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Solaris 10 NFS mount ACL "Permission denied" Problem
1,978 views
Skip to first unread message
jeffer...@gmail.com
Oct 15, 2016, 1:38:39 AM10/15/16
to
This seems to be a long-standing problem and I wasn't able to find a
solution on the web. I hope someone reading this might have a clue as
to what can be done.
I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
client.
On dymaxion I have a directory:
# ls -ld /x/u/cad
drwxr-xr-x 32 jeff cjs 4096 Nov 27 2014 /x/u/cad
I export the directory. From /etc/exports:
/x/u/cad cjsa2(rw,sync,no_subtree_check,no_root_squash)
On the Solaris 10 system I add to /etc/vfstab:
dymaxion:/x/u/arris - /nfs/dym/cad nfs - yes bg
and mount it.
# mount /nfs/dym/cad
So far so good. On the Solaris system you can list (ls) the contents
of /nfs/dym/cad. You can read files there, create new files in the
subdirectories and delete files. However, you cannot execute files
because you cannot access the permissions. Even a long listing of the
contents is denied. For example:
# ls -l /nfs/dym/cad
ls: can't read ACL on cad: Permission denied
The ACLs on the directory on both systems are identical:
# getfacl cad
# file: x/u/cad
# owner: jeff
# group: cjs
user::rwx
group::r-x
other::r-x
My user and group ids are identical on both systems and from notes from
other problem reports, I made sure that the NFS domain was the same on
both systems:
Linux: /etc/idmapd.conf
Domain = cjsa2
Solaris: /etc/default/nfs
NFSMAPID_DOMAIN=cjsa2
Nothing has improved the situation. Many people report having an issue and
this might be a bug in Solaris 10. I have no way to upgrade that system,
so I'm hoping there is a solution or workaround that will allow me to
successfully use this mount.
Thanks.
solution on the web. I hope someone reading this might have a clue as
to what can be done.
I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
client.
On dymaxion I have a directory:
# ls -ld /x/u/cad
drwxr-xr-x 32 jeff cjs 4096 Nov 27 2014 /x/u/cad
I export the directory. From /etc/exports:
/x/u/cad cjsa2(rw,sync,no_subtree_check,no_root_squash)
On the Solaris 10 system I add to /etc/vfstab:
dymaxion:/x/u/arris - /nfs/dym/cad nfs - yes bg
and mount it.
# mount /nfs/dym/cad
So far so good. On the Solaris system you can list (ls) the contents
of /nfs/dym/cad. You can read files there, create new files in the
subdirectories and delete files. However, you cannot execute files
because you cannot access the permissions. Even a long listing of the
contents is denied. For example:
# ls -l /nfs/dym/cad
ls: can't read ACL on cad: Permission denied
The ACLs on the directory on both systems are identical:
# getfacl cad
# file: x/u/cad
# owner: jeff
# group: cjs
user::rwx
group::r-x
other::r-x
My user and group ids are identical on both systems and from notes from
other problem reports, I made sure that the NFS domain was the same on
both systems:
Linux: /etc/idmapd.conf
Domain = cjsa2
Solaris: /etc/default/nfs
NFSMAPID_DOMAIN=cjsa2
Nothing has improved the situation. Many people report having an issue and
this might be a bug in Solaris 10. I have no way to upgrade that system,
so I'm hoping there is a solution or workaround that will allow me to
successfully use this mount.
Thanks.
Ian Collins
Oct 15, 2016, 4:18:06 AM10/15/16
to
On 10/15/16 06:38 PM, jeffer...@gmail.com wrote:
> This seems to be a long-standing problem and I wasn't able to find a
> solution on the web. I hope someone reading this might have a clue as
> to what can be done.
>
> I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
> client.
The useful answer this that the Linux NFS server is rubbish, especially
> This seems to be a long-standing problem and I wasn't able to find a
> solution on the web. I hope someone reading this might have a clue as
> to what can be done.
>
> I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
> client.
for NFS v4 compounded by Linux not supporting v4 ACLs). Are your mounts
using v4 or v3? If the former, what happens if you force the latter?
--
Ian
YTC#1
Oct 15, 2016, 7:17:40 AM10/15/16
to
On 15/10/2016 09:18, Ian Collins wrote:
> On 10/15/16 06:38 PM, jeffer...@gmail.com wrote:
>> This seems to be a long-standing problem and I wasn't able to find a
>> solution on the web. I hope someone reading this might have a clue as
>> to what can be done.
>>
>> I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
>> client.
>
>
> The useful answer this that the Linux NFS server is rubbish, especially
>
We should stop all this mud slinging, it upsets people.
> On 10/15/16 06:38 PM, jeffer...@gmail.com wrote:
>> This seems to be a long-standing problem and I wasn't able to find a
>> solution on the web. I hope someone reading this might have a clue as
>> to what can be done.
>>
>> I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
>> client.
>
>
> The useful answer this that the Linux NFS server is rubbish, especially
>
Can we not just agree that Linux is different. :-)
I was going to suggest using V3 as well, V4 tends to lead to many brain
aches.
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Chris Ridd
Oct 15, 2016, 8:29:53 AM10/15/16
to
On 15/10/2016 12:17, YTC#1 wrote:
> On 15/10/2016 09:18, Ian Collins wrote:
>> On 10/15/16 06:38 PM, jeffer...@gmail.com wrote:
>>> This seems to be a long-standing problem and I wasn't able to find a
>>> solution on the web. I hope someone reading this might have a clue as
>>> to what can be done.
>>>
>>> I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
>>> client.
>>
>>
>> The useful answer this that the Linux NFS server is rubbish, especially
>>
> We should stop all this mud slinging, it upsets people.
>
> Can we not just agree that Linux is different. :-)
>
> I was going to suggest using V3 as well, V4 tends to lead to many brain
> aches.
I remember having problems with Linux NFS clients and [Open]Solaris
> On 15/10/2016 09:18, Ian Collins wrote:
>> On 10/15/16 06:38 PM, jeffer...@gmail.com wrote:
>>> This seems to be a long-standing problem and I wasn't able to find a
>>> solution on the web. I hope someone reading this might have a clue as
>>> to what can be done.
>>>
>>> I have a Linux server (dymaxion) running Xubuntu 16.04.1 and a Solaris 10
>>> client.
>>
>>
>> The useful answer this that the Linux NFS server is rubbish, especially
>>
> We should stop all this mud slinging, it upsets people.
>
> Can we not just agree that Linux is different. :-)
>
> I was going to suggest using V3 as well, V4 tends to lead to many brain
> aches.
NFSv4 servers about 5 years ago. It *still* isn't any better then?
--
Chris
YTC#1
Oct 15, 2016, 1:59:58 PM10/15/16
to
jeffer...@gmail.com
Oct 16, 2016, 12:03:18 AM10/16/16
to
A big thanks to everyone who responded to this. You were correct that there is some incompatibility between Solaris and Linux using NFSv4. On the Solaris system I added the mount option "vers=3" to the /etc/vfstab entries and everything started working.
I don't know if the ACL incompatibility problem resides in Linux or Solaris, but I am very glad to now have a solution to the problem. If the problem IS in the Linux NFS server, then yes, this is disappointing that it hasn't been addressed after all this time!
Thanks again pointing me in the right direction.
I don't know if the ACL incompatibility problem resides in Linux or Solaris, but I am very glad to now have a solution to the problem. If the problem IS in the Linux NFS server, then yes, this is disappointing that it hasn't been addressed after all this time!
Thanks again pointing me in the right direction.
Ian Collins
Oct 16, 2016, 12:18:16 AM10/16/16
to
On 10/16/16 05:03 PM, jeffer...@gmail.com wrote:
> A big thanks to everyone who responded to this. You were correct
> that there is some incompatibility between Solaris and Linux using
> NFSv4. On the Solaris system I added the mount option "vers=3" to
> the /etc/vfstab entries and everything started working.
Good to know.
> A big thanks to everyone who responded to this. You were correct
> that there is some incompatibility between Solaris and Linux using
> NFSv4. On the Solaris system I added the mount option "vers=3" to
> the /etc/vfstab entries and everything started working.
> I don't know if the ACL incompatibility problem resides in Linux or
> Solaris, but I am very glad to now have a solution to the problem.
> If the problem IS in the Linux NFS server, then yes, this is
> disappointing that it hasn't been addressed after all this time!
From what I've seen, NFS-v4 support in Linux is still patchy. The
biggest ACL issue I've seen is ZFS on Linux doesn't support ZFS ACLs.
--
Ian
Scott
Oct 16, 2016, 2:25:09 PM10/16/16
to
I think you have to specify an fsid=0 for your root exported filesystem also.
Also, I use FQDNs on both hosts, and a DNS SRV record.
Regards, Scott
Also, I use FQDNs on both hosts, and a DNS SRV record.
Regards, Scott
jeffer...@gmail.com
Oct 18, 2016, 5:05:02 PM10/18/16
to
On Sunday, October 16, 2016 at 11:25:09 AM UTC-7, Scott wrote:
> I think you have to specify an fsid=0 for your root exported filesystem also.
> Also, I use FQDNs on both hosts, and a DNS SRV record.
Scott: In trying to debug the original problem, I tried all sorts of things, including creating an /export directory and placing links to the directories that I wanted to export under that. At that time I did add an
> I think you have to specify an fsid=0 for your root exported filesystem also.
> Also, I use FQDNs on both hosts, and a DNS SRV record.
fsid=0 to the /etc/exports entry for that directory. However, what I found was that, under both NFSv3 and NFSv4, I could simply export the desired directories from anywhere in my Ubuntu filesystem and mount them as desired under Solaris. From my reading of the documentation, apparently a UUID for each export is generated and used.
My LAN is limited to a small number of devices, so static IPs and host files listing all the machines/devices are used, eliminating any of the other potential problems.
Thanks for the feedback.
0 new messages