Welcome, Guest
Please Login or Register.    Lost Password?

Sun 7000 chown permissions for root on NFS client
(1 viewing) (1) Guest
Storage Related Topics and Discussions
Go to bottomPage: 1
TOPIC: Sun 7000 chown permissions for root on NFS client
#39
Sun 7000 chown permissions for root on NFS client 10 Years, 5 Months ago Karma: 2
I was setting up a Sun 7000 Unified Storage system to be accessed via NFS from some Unix and Linux clients, as well as doing an
NFS share for VMware ESX. Ran into some permission problems with Root and Changing ownership of files. Thought I would write up
what it took to get this working since I didn't find it answered anywhere correctly on the Net.

When I was copying over some of the ESX VMDK files onto a Sun 7210 system. Once the data was migrated onto the NAS, I noticed
that I was getting permission errors when trying to change the mode of the files. I was running as the root user at the time and thought
it was strange.

First I had noticed that my User ID values were not as I would have liked, then I realized I was running NFS Version 4. The 7000 storage,
when using NFSV4 maps the identities to an authentication server and does a Unix/Windows Identity mapping server to map the UID/GID
values appropriately. Linux and VMware, at the time of this writing, don't support NFS V4 anyway in the standard distributions.

What I really wanted to accomplish was simply to have an NFS server provide me my filing system with the ability for root on a particular box
being able to modify the files necessary which were NFS mounted.

In order to do this, I had to do the followings and undo some of the default settings which were used upon initial setup.

If NFSV3 is all you will ever need/want, then you can go the the configuration screen and select protocols, then choose NFS and set the
MAX Version to 3. (THIS WILL EFFECT EVERYONE TALKING TO THIS APPLIANCE AND COERCE THEM TO NFSV3 - USE WISELY IF USED)

A much more graceful method to achieve this on a system by system basis would be to specify the appropriate values in the *fstab file:

/etc/*fstab entry could look like this: (Solaris 10 vfstab entry)
sun7210nas:/export/share_name - /mnt_point nfs - - rw,rsize=32768,wsize=32768,vers=3

(The "vers=3" is what will migrate down the version / protocol of NFS that is used when the client negotiates the setup.)
If you're on a system that only supports V3 NFS, then you don't need to do any of this Version 3 client setup, such as VMware ESX.


Next, go to Shares -> Sharename -> Protocol -> NFS and put "root" in as the Anonymous User, it defaults to "nobody" as a security
precaution initially - which is the correct thing to do. Validate your local security policies with regards to the data you're storing on this share!
(You're allowing "root" access to this data - which is the reason for this article to begin with). This is what essentially setting the
"anon=0" flag in a share of a traditional NFS server.

Next, to tighten things down in a little more granular mode, go down to the NFS Exceptions section. Add a specific host you want
to have access to this NFS Share, or network, or domain - you choose based upon your need. The important part here is to be able to
select the check box for "Root Access" (Chances are you will want Read/Write" enabled as well!)

You should be able to mount the filing system from the remote client and be able to be the user root and be able to change ownership of files and
work with the data as you would be normally accustomed to in a traditional NFS environment.

Hope this helps!!!
Last Edit: 2010/04/19 12:13 By halls.Reason: spelling error
The administrator has disabled public write access.
 
Go to topPage: 1
Moderators: halls
get the latest posts directly to your desktop