File sharing via NFS - permissions problem? SOLVED

RobF · 2006-11-14 04:41:57

I'd like to share files between my two linux boxes, a desktop (DT) and a laptop (LT). DT runs Xandros 3, LT runs Arch. They are connected via a router.

NFS works all right, up to a point. Using NFS, I can access all filesystems on DT from LT but the reverse is not true. Arch on LT resides in two partitions, / and /home. From DT I can access all the directories in the root filesystem / of LT as well as their subdirectories, with two exceptions. I cannot access any subdirectories in /home, including my home dir /home/robert/ which doesn't even show up, and in /mnt I cannot access the filesystems of other Linux distros that are mounted in Arch at these mountpoints (e.g. WinXP at /mnt/sda2, Xandros 4 at /mnt/sda5, Slackware 11 at /mnt/sda7) even though they can be accessed perfectly well from within Arch on LT.

I've also exported the LT /home filesystem separately by adding the line '/home DT_hostname(rw)' in /etc/exports on LT, and running # mount LT_hostname:/home /mnt/LT_hostname_home on DT. When I do that /home/robert shows up in the file manager on DT but when I want to open this directory I get the error "Access denied". The permissions for this LT directory, as seen when mounted on DT, are 'drwx--x--x 1000 users'. When I try to make this directory fully accessible by running 'chmod a+rw /mnt/LT_hostname_home/robert' as root I get the error
'chmod: changing permissions of `/mnt/LT_hostname_home/robert': Operation not permitted'.

In short, while Xandros on DT is quite permissive in allowing me to access all of its filesystems in their entirety from within Arch on LT, Arch on LT is more finicky as it denies access to Xandros on DT to some critical subdirectories.

I've also tried 'fish' in Konqueror, with similar results. Running 'fish://DT_hostname' in Arch on LT gives me full access to filesystems on DT but when I'm running 'fish://LT_hostname' on DT, I get the error 'Could not connect to host LT_hostname', i.e. Arch rejects the connection attempt.

To sum up, when I'm using NFS the permissions don't seem to be fully correct on Arch on LT, and I don't seem to be able to change them, and when I'm using 'fish' something is also fishy on the Arch side.

On a side note, both systems run firewalls (DT: Firestarter, LT: Arno's FW) which I had to stop - without doing that nothing connects. Also, both systems obviously run all necessary nfs and ssh daemons.

How can I fix this problem? Would shfs work any better? Also, I'd prefer to keep my firewalls up all the time.

Thanks for your help.

Robert

FUBAR · 2006-11-15 11:57:04

1. If you export a directory that has mount points in it (anywhere down the directory's tree), the mount points will not be accessible by NFS clients. I don't know why, but I've run into this regularly. The only solution was to export the mount points seperately (like you are doing).

2. If you see a file or directory is owned by a number (UID) rather than a username, it means the usernames aren't using the same UID on the server and client(s). You are mixing different distributions, it's very well possible your regular user has UID 1000 on Arch and UID 1001 on Xandros. NFS only cares about the UID when handling permissions, so you need to synchronize them between the boxes. Use

usermod -u <newUID> username

for that. Don't forget to do a chown of all the files owned by the username afterwards: usermod only takes care of the user's /home directory.

tomk · 2006-11-15 13:16:19

You could also review the "User ID Mapping" section of man exports for an alternative approach.

RobF · 2006-11-17 05:06:30

Thanks, FUBAR and tomk, for your tips. I eventually managed to get my two boxes (DT with Xandros and LT with Arch) connected in such a way that DT can access all filesystems on LT and vice versa. I experimented with three different ways of doing this, NFS, FISH and SHFS.

Using NFS entailed the most involved configuration of the three. FISH was the simplest to set up but SHFS wasn't that much more complicated. My preference would be for SHFS. See: http://shfs.sourceforge.net/

NFS

Using NFS in Arch only requires installing portmap and nfs-utils; most of the NFS functionality has already been compiled into the kernel. As FUBAR suspected, the uid's for user robert were different on the two machines: uid=1000 in Arch and uid=1001 in Xandros. In NFS, I got around that by putting 'no_root_squash' in the export directives in /etc/exports, i.e.

/        hostname_DT(rw,no_root_squash,subtree_check)
/home    hostname_DT(rw,no_root_squash,subtree_check)
/mnt/sda5    hostname_DT(rw,no_root_squash,subtree_check)
/mnt/sda7    hostname_DT(rw,no_root_squash,subtree_check)

Using NFS, one also has to add lines in /etc/hosts.allow for each of the daemons and programs used by NFS, specifying which hosts are allowed to use these services, e.g. in my case for portmap

portmap: 192.168.0.5, 192.168.0.7            # you have to use IP addresses!

and the same for nsfd, nfslock, lockd, rquotad, mountd, statd, mount, umount. In Xandros, two of these have different names: rpc.nsfd and rpc.mountd.

Also, to use NFS in Arch one has to add the services portmap, nfslock, nfsd to the DAEMONS line in /etc/rc.conf, e.g. right after network. Finally, I have to stop the firewalls on both machines when I want to use NFS. After doing all of that, I can use Konqueror as user robert to access all filesystems on the respective server (DT or LT) from the other machine as a client except for /home/robert and /mnt/sda7/home/robert (that's a Slackware install) on LT; for these I have to use Konqueror as root on DT.

FISH

Using FISH is very simple. Remote filesystems don't have to be mounted, and the only thing that's required is that the sshd service is running on the file server. I.e. in Arch one has to install openssh and put the service sshd in the DAEMONS line in /etc/rc.conf. Firewalls must be stopped to set up the connection but once the connection is established it looks as though one can restart the firewalls.

One should also add a line in /etc/hosts.allow for the hosts that are allowed to use sshd, i.e.

sshd: 192.168.0.5, 192.168.0.7      (or  sshd: ALL )

and comment out the line ALL: ALL: DENY in Arch's /etc/hosts.deny.

Once this is done, all that's needed to access the root filesystem of the server is to enter 'fish://root@hostname/' in the URL field of Konqueror as an ordinary user, followed by the root password.

The drawback of FISH is that one is frequently asked for the password but I suppose one can avoid that by using SSH keys.

SHFS

SHFS needs to be installed and configured on the client side, not on the server side. The server only needs to have a working sshd running. If you run Arch as a client, install shfs in it (pacman -S shfs) and make sure sshd is running on the server and firewalls are stopped.

Next, create a mount point for the remote filesystem, e.g.

# mkdir -p /mnt/shfs

Set the suid bit on /usr/bin/shfsmount and /usr/bin/shfsumount if you wish to enable all users to mount (umount) remote dirs using shfs. You can do this in Konqueror or by running

# chmod u+s /usr/bin/shfsmount
# chmod u+s /usr/bin/shfsumount

so that the permissions are: -rwsr-xr-x root root.

Then mount the remote shell filesystem:

# shfsmount root@remote_hostname:/ /mnt/shfs -o uid=robert

[or you can use # mount -t shfs root@remote_hostname:/ /mnt/shfs -o uid=robert]

Using the option -o uid=robert got me around the mismatch of uid's for robert on the two systems.

At the 'root@remote_hostname's password:' prompt enter root's password. You're ready then to access the remote filesystem as user robert at /mnt/shfs, even after the remote firewall is restarted.

As with FISH, so with SHFS, it seems to be necessary that a line is added in /etc/hosts.allow for the hosts that are allowed to use sshd, i.e.

sshd: 192.168.0.5, 192.168.0.7      (or  sshd: ALL )

and that the line ALL: ALL: DENY in Arch's /etc/hosts.deny is commented out or removed.

I'm still a newbie with file sharing on Arch (and non-Arch Linux). Forgive me if the above comes across as somewhat amateurish.

Robert

FUBAR · 2006-11-20 12:59:59

Wikify man! (If you / someone else didn't already ).

cheer · 2007-02-27 07:17:40

I wikified today:
http://wiki.archlinux.org/index.php/Sha … _two_boxes
I marked it with 'stub' because we need to format the article and may be use articles about NFS and SHFS

rieger · 2007-06-27 13:04:25

thanks, shfs lets me acces my /home on my desktop pc from my client laptop. (with NFS I got the UID problems).

If I open the mounted dir in nautilus on the client, it opens up perfectly, hower when doing another action, f.e. scrolling down the directories or opening a sub-dir, nautilus freezes. When cd'-ing through the directories from the commandline everything works fine (not an option for my girlfriend ).

Another thing I have to resolve is have the /home share mounted from after boot (added the entry in fstab but that doesn't work)

Arch Linux

#1 2006-11-14 04:41:57

File sharing via NFS - permissions problem? SOLVED

#2 2006-11-15 11:57:04

Re: File sharing via NFS - permissions problem? SOLVED

#3 2006-11-15 13:16:19

Re: File sharing via NFS - permissions problem? SOLVED

#4 2006-11-17 05:06:30

Re: File sharing via NFS - permissions problem? SOLVED

#5 2006-11-20 12:59:59

Re: File sharing via NFS - permissions problem? SOLVED

#6 2007-02-27 07:17:40

Re: File sharing via NFS - permissions problem? SOLVED

#7 2007-06-27 13:04:25

Re: File sharing via NFS - permissions problem? SOLVED

Board footer