You are not logged in.
- Topics: Active | Unanswered
#1 2018-02-25 21:40:58
- markg85
- Member
- Registered: 2009-06-27
- Posts: 149
nfs mount needs to be "insecure" to work as user.
Hi,
I was debugging an issue for the good part of the day where i could see my NFS shares, but not mount or list the contents of them.
I wasn't able to do anything NFS related, clearly my setup was wrong. Turns out that prcbind wasn't running. Oops 
That made things work, but only under root.
If i would call commands like:
nfs-ls nfs://<ip>/<path>I kept getting issues like this as user:
Failed to mount nfs share : mount/mnt call failed with "RPC error: Mount failed with error MNT3ERR_ACCES(13) Permission denied(13)"Note: again, under root things worked at this point!
That very issue seemed to indicate (to me at least) that something else on my machine was wrong. After hours of googling and trying different things (like polkit policies, udev rules and boot options) i finally was about to give up.
On my local machine nothing seemed to be wrong so that error was making no sense to me anymore.
As a last attempt i thought: "oh well, lets look in the logs on the server, perhaps it shows something useful". I wasn't expecting anything to show up there because the above error seemed so locally..
But sure enough, the server contained a line like:
rpc.mountd[847]: refused mount request from <ip> for <mount> (<mount>): illegal port 49102That's a surprise! And a very crappy error message of NFS on the client side!
Now i had more sensible information. That issue is "googlable" and pointed to the "insecure" share flag (which wasn't set).
For reference, the insecure flag allows clients to connect to NFS shares with ports that are not specified as the ports to use. As you can see, the port is very high and very far from the specced port (which is 2049).
With root, it apparently either does this just fine or does use port 2049, i don't know. I did not change any NFS settings on the client.
After adding "insecure" to the respective exports lines things started working! Yay!
I'm sure other people will run into this issue sooner or later, therefore I've described it as detailed.
I do still have a question though (why else post here? 
)
How do i get Arch to behave and use the appropriate ports?
Cheers,
Mark
Last edited by markg85 (2018-02-26 09:27:31)
Offline
#2 2018-02-27 13:48:00
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 11,919
Re: nfs mount needs to be "insecure" to work as user.
https://wiki.archlinux.org/index.php/NF … for_NFSv3]
By default, for NFSv3 operation rpc.statd and lockd use random ephemeral ports;
Is your client and/or server using nfs3 ?
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
#3 2018-02-27 16:53:31
- markg85
- Member
- Registered: 2009-06-27
- Posts: 149
Re: nfs mount needs to be "insecure" to work as user.
https://wiki.archlinux.org/index.php/NF … for_NFSv3]
By default, for NFSv3 operation rpc.statd and lockd use random ephemeral ports;
Is your client and/or server using nfs3 ?
The client (as in KDE with Dolphin thus the KIO framework) is using NFS v3.
However, nfs-ls comes from the system "libnfs" package, i tested that on the client to list the server. That also gives the high ports.
I don't know which NFS version is used in nfs-ls or how i would possibly be able to set a version to use.
The server uses the default nfs stuff from Arch. It basically only has a custom exports file. I'm sure i changed some more things for the hostname and avahi, but nothing for the NFS version so its using whatever the defaults are.
Last edited by markg85 (2018-02-27 16:54:00)
Offline
#4 2018-02-28 12:19:41
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 11,919
Re: nfs mount needs to be "insecure" to work as user.
Checking wiki and manpages indicate that you can assign port numbers on the server.
The info on the wiki page appears to outdated, check the manpages for nfs and nfs.conf .
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
#5 2018-02-28 22:07:05
- markg85
- Member
- Registered: 2009-06-27
- Posts: 149
Re: nfs mount needs to be "insecure" to work as user.
Checking wiki and manpages indicate that you can assign port numbers on the server.
The info on the wiki page appears to outdated, check the manpages for nfs and nfs.conf .
Oke, will try that out and report back when i know more.
But that doesn't explain why it's working as root and not as user. I mean, it's a connection from the client (root) to the server (whatever user NFS runs on by default). The server should know nothing about the client root user.
Last edited by markg85 (2018-02-28 22:07:22)
Offline