# SOLVED: NFS share mounted rw OK, Permission denied writing

## grunthus

Hi,

I have 12 gentoo boxes on a LAN using /home mounted via NFS. 1 of the boxes is being a right pain in the derriere. All other 11 boxes mount rw and allow rw in practice. One client (fladdicap) reports mount as rw but in practice behaves as read only, giving Permission Denied on any write attempt.

The client mounting via NFS with a problem is hostname fladdicap.

The NFS server is hostname mooa.

Client fladdicap's fstab line:

```

mooa:/home              /home           nfs             rw,hard,intr    0 0
```

```

*  net-fs/nfs-utils

      Latest version available: 1.1.3

      Latest version installed: 1.1.3

```

```
fladdicap ~ # uname -a

Linux fladdicap 2.6.22-gentoo-r9 #4 SMP Tue Feb 26 23:01:47 UTC 2008 i686 AMD Athlon(tm) AuthenticAMD GNU/Linux
```

```
fladdicap ~ # grep NFS /usr/src/linux/.config

CONFIG_NFS_FS=y

CONFIG_NFS_V3=y

# CONFIG_NFS_V3_ACL is not set

# CONFIG_NFS_V4 is not set

# CONFIG_NFS_DIRECTIO is not set

CONFIG_NFSD=y

CONFIG_NFSD_V3=y

# CONFIG_NFSD_V3_ACL is not set

# CONFIG_NFSD_V4 is not set

CONFIG_NFSD_TCP=y

CONFIG_ROOT_NFS=y

CONFIG_NFS_COMMON=y

```

NFSv3 Server (mooa)'s /etc/exports

```
mooa ~ # cat /etc/exports 

# /etc/exports: NFS file systems being exported.  See exports(5).

/home   192.168.1.0/255.255.255.0(rw,sync,no_subtree_check)
```

```
mooa ~ # grep NFS /usr/src/linux/.config

CONFIG_NFS_FS=y

CONFIG_NFS_V3=y

# CONFIG_NFS_V3_ACL is not set

# CONFIG_NFS_V4 is not set

# CONFIG_NFS_DIRECTIO is not set

CONFIG_NFSD=y

CONFIG_NFSD_V3=y

# CONFIG_NFSD_V3_ACL is not set

# CONFIG_NFSD_V4 is not set

CONFIG_NFSD_TCP=y

CONFIG_ROOT_NFS=y

CONFIG_NFS_COMMON=y

```

```
mooa ~ # uname -a

Linux mooa 2.6.22-gentoo-r9 #3 SMP Thu Jan 31 09:24:36 UTC 2008 i686 Celeron (Mendocino) GenuineIntel GNU/Linux

```

```
*  net-fs/nfs-utils

      Latest version available: 1.1.0-r1

      Latest version installed: 1.1.0-r1
```

Hope anyone can suggest some things to try, since all other 11 boxes seem to do just fine!!! 

As a start, I'd like to turn up logging, not sure how. I tried looking at init scripts for nfs, but no logging data yet.

Thanks

----------

## shickapooka800

when you ls -al the directories on the client, do they have the same permissions as on other clients and the server?

just as a sanity check, you could make an empty test directory and experiment with different permissions (777, 755, 775 etc...) and mount it on the troubled client.  this will make sure that nfs is working properly.  

if all goes well, maybe it is a userid,groupid mangleing problem?  how are users and groups managed across these machines?  how are the userid's and groupid's different on the troubled machine?

----------

## krinn

also try <ls /var/lib/nfs/rpc_pipefs> on client computer that doesn't work

----------

## Hu

You would get Read-only file system if it was a read-only mount.  Either you have a userid mapping problem or, if you are using root, you have root squashing turned on and root on the client is being mapped to nobody on the server.  Thus, root can only write to a file if nobody can write to that file.

----------

## grunthus

```
fladdicap ~ # ls /var/lib/nfs/rpc_pipefs -al

total 8

drwxr-xr-x 2 root root 4096 Nov 24 11:47 .

drwxr-xr-x 7 root root 4096 Nov 24 22:55 ..
```

Clients, including the dodgy client all have the same permissions and ownership.

First sign of narrowing this down, per shickapooka800's advice, I made a /home/test directory, chmod 777. All users on the client can then write to this directory. I'm using NIS for passwd maps.

If the /home/test directory is chmod 775 and chown bob:bob then bob can no longer write to it. So looks like a uid mapping problem as Hu indicates?

How would I proceed with investigating that?

Thanks!

----------

## Hu

Yes, that sounds like a uid mapping problem.  What is the output of id bob on the server and the output of id in the shell that tried to touch a file in /home/test?

Also, note that root squashing is enabled by default, and your exports line does not disable it.

----------

## sleepless9

I had the same problem a few weeks ago.. Mounting ok, listing files ok, but permission denied on writing. And the day before that everything worked fine.

I spent a day to double-check my configuration and the UIDs again, just to find out in the end that I had different versions of nfs-utils (and/or) portmap between the server and the client.. Probably an upgrade screwed something up. Emerging the latest version of portmap and nfs-utils in both machines solved it for me. Remember to shut portmap down before emerging. After the update I remember getting strange errors while trying to mount, and the problem was an rpc.statd running from the previous version that was not killed from init.d.

----------

## grunthus

Since I don't want to tinker with my NFS server just yet I just downgraded my client boxes net-fs/nfs-utils to version 1.1.0-r1 (upgrade to 1.1.3 seemed to break rw access to mounted filesystems over NFS)

(I'm building a replacement NFS/ypbind server for one which has not been upgraded for several years, 2.4 kernel, Pentium2 350MHz - so I'm just not going near upgrading it. Strange how one develops a sense of attachment to a venerable old box, which has served my network for years 24/7 with no complaints)

----------

## rfabbri

 *grunthus wrote:*   

> Since I don't want to tinker with my NFS server just yet I just downgraded my client boxes net-fs/nfs-utils to version 1.1.0-r1 (upgrade to 1.1.3 seemed to break rw access to mounted filesystems over NFS)
> 
> 

 

I experienced the exact same problem, gave me headaches for a week. I should have quickly searched this forum before starting a quest to read so much background material for nothing. Both my workstation and laptop are NIS/NFS clients running Gentoo with the exact same config, but from the laptop where nfs-utils is older the id mapping works, but from the workstation it doesn't. The problem is that I couldn't find an ebuild for nfs-utils 1.1.0-r1. The oldest I could get was 1.1.3 which still causes the same problem as mentioned by grunthus.

Here is a very dirty temporary solution:

```
emerge --unmerge libnfsidmap nfs-utils

emerge librpcsecgss

emerge =libnfsidmap-0.19

emerge =nfs-utils-1.1.3

```

The last line is part of this dark trick of fooling gentoo into thinking that nfs-utils is installed.

Download nfs-utils 1.1.0-r1 from https://sourceforge.net/project/showfiles.php?group_id=14&package_id=174 and compile it from source.

```
./configure --enable-gss=no

make && make install

/etc/init.d/portmap restart

```

You should not get the message "ERROR:  Some services needed are missing" if you followed the above steps literally.

Now mount your nfs shares as usual, e.g. mount -a.

----------

