原文地址:https://www.crifan.com/nfs_client_write_to_nfs_server_share_folder_error_permission_denied/
【背景】
折腾:
【已解决】在远程Ubuntu服务器中开通NFS服务供别人访问服务器上的文件
期间,NFS服务器端已经配置了写权限:
1
|
/home/share/image
*(rw,
sync
)
|
然后客户端去mount:
1
|
mount
-t nfs 121.41.120.185:
/home/share/image
/root/nfs_client_root/
|
可以看到文件了:
1
2
3
4
5
|
root@chantyou:nfs_client_root
# ls -l
total 240
-rw-r--r-- 1 root root 70545 May 28 2013 mmexport1369703131812.jpg
-rw-r--r-- 1 root root 82168 Sep 12 2013 mmexport1378988706739.jpeg
-rw-r--r-- 1 root root 85510 Nov 18 2013 p_large_0fOT_43d9000068f01263.jpg
|
但是却无法写入:
1
2
|
root@chantyou:nfs_client_root
# sudo touch test_client_write.txt
touch
: cannot
touch
‘test_client_write.txt’: Permission denied
|
【解决过程】
1.搜:
NFS client Permission denied
参考:
去检查一下服务器端的确自己本身有写的权限:
1
2
3
4
5
6
7
8
9
|
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxr-xr-x 2 root root 4096 Jul 23 15:16 image
root@iZ23lqgttauZ:image
# ls /home/share/image/ -l
total 240
-rw-r--r-- 1 root root 70545 May 28 2013 mmexport1369703131812.jpg
-rw-r--r-- 1 root root 82168 Sep 12 2013 mmexport1378988706739.jpeg
-rw-r--r-- 1 root root 85510 Nov 18 2013 p_large_0fOT_43d9000068f01263.jpg
root@iZ23lqgttauZ:image
#
|
好像:
NFS服务器端,没有给文件夹:
/home/share/image/
开通,g=group,o=other的写的权限。
所以去开通试试:
1
2
3
4
5
|
root@iZ23lqgttauZ:image
# chmod go+w /home/share/image/
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxrwxrwx 2 root root 4096 Jul 23 15:16 image
root@iZ23lqgttauZ:image
#
|
然后NFS客户端再去试试写入是否可行:
真的可以了:
1
2
|
root@chantyou:nfs_client_root
# sudo touch test_client_write.txt
root@chantyou:nfs_client_root
#
|
【总结】
NFS的server端,虽然当前用户root,对于NFS共享出来的文件夹是有自己的写入权限,但是没有开通自己组group和其他人other的写权限:
1
2
3
|
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxr-xr-x 2 root root 4096 Jul 23 15:16 image
|
所以NFS客户端,去写入,应该属于other的权限,没法写出,出现Permission denied
解决办法是:
NFS客户端的共享出来的文件夹,开通other的写入权限:
1
2
3
4
|
root@iZ23lqgttauZ:image
# chmod go+w /home/share/image/
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxrwxrwx 2 root root 4096 Jul 23 15:16 image
|
然后NFS的客户端就可以正常写入了:
1
2
|
root@chantyou:nfs_client_root
# sudo touch test_client_write.txt
root@chantyou:nfs_client_root
#
|
就是权限的问题。
【后记】
不过,后来看到了:
nfs 客户端操作 Permission denied – 崛望的生鱼片 – ITeye技术网站
说是加了no_root_squash,也可以解决问题。
那估计是:
参考:
How To Set Up an NFS Mount on Ubuntu 14.04 | DigitalOcean
- rw: This option gives the client computer both read and write access to the volume.
- sync: This option forces NFS to write changes to disk before replying. This results in a more stable and consistent environment, since the reply reflects the actual state of the remote volume.
- no_subtree_check: This option prevents subtree checking, which is a process where the host must check whether the file is actually still available in the exported tree for every request. This can cause many problems when a file is renamed while the client has it opened. In almost all cases, it is better to disable subtree checking.
- no_root_squash: By default, NFS translates requests from a root user remotely into a non-privileged user on the server. This was supposed to be a security feature by not allowing a root account on the client to use the filesystem of the host as root. This directive disables this for certain shares.
no_root_squash意思是:
NFS的服务器,默认会把从别处(NFS的客户端)来的请求,中的用户(此处是NFS客户端的超级用户root,拥有超级权限的)变成没有(超级)特权的用户
->从而导致了,NFS客户端的用户root,去访问NFS服务器端共享出来的文件夹的时候,就变成普通的一般的用户了,
然后根据NFS服务器上文件夹的权限设置drwxr-xr-x ,对于group和other是没写入权限的。
所以NFS客户端无法访问。
去验证此猜想:
(1)先恢复之前的权限:
1
2
3
4
|
root@iZ23lqgttauZ:image
# chmod go-w /home/share/image/
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxr-xr-x 2 root root 4096 Jul 23 15:42 image
|
客户端去访问,确保没权限:
1
2
|
root@chantyou:nfs_client_root
# sudo touch test_client_write_2.txt
touch
: cannot
touch
‘test_client_write_2.txt’: Permission denied
|
然后NFS服务器端,只给文件夹开通other的write权限:
1
2
3
4
|
root@iZ23lqgttauZ:image
# chmod o+w /home/share/image/
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxr-xrwx 2 root root 4096 Jul 23 15:42 image
|
然后客户端再去写入试试:
1
2
|
root@chantyou:nfs_client_root
# sudo touch test_client_write_2.txt
root@chantyou:nfs_client_root
#
|
果然可以了
->验证了,从NFS客户端来到NFS服务器端的用户,属于other组;
(2)再恢复之前权限:
1
2
3
4
5
|
root@iZ23lqgttauZ:image
# chmod o-w /home/share/image/
root@iZ23lqgttauZ:image
# ls /home/share/ -l
total 4
drwxr-xr-x 2 root root 4096 Jul 23 15:55 image
root@iZ23lqgttauZ:image
#
|
然后NFS服务器端加上那个no_root_squash
->这样NFS客户端来的用户就是root了
->root就可以访问服务器端的所有文件夹的权限了,应该是
->重启exportfs和重启NFS服务器:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
root@iZ23lqgttauZ:image
# vi /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/home/share/image
*(rw,
sync
,no_root_squash)
~
"/etc/exports"
11L, 433C written
root@iZ23lqgttauZ:image
# exportfs -a
exportfs:
/etc/exports
[1]: Neither
'subtree_check'
or
'no_subtree_check'
specified
for
export
"*:/home/share/image"
.
Assuming default behaviour (
'no_subtree_check'
).
NOTE: this default has changed since nfs-utils version 1.0.x
root@iZ23lqgttauZ:image
# service nfs-kernel-server
* Usage: nfs-kernel-server {start|stop|status|reload|force-reload|restart}
root@iZ23lqgttauZ:image
# service nfs-kernel-server restart
* Stopping NFS kernel daemon [ OK ]
* Unexporting directories
for
NFS kernel daemon... [ OK ]
* Exporting directories
for
NFS kernel daemon...
exportfs:
/etc/exports
[1]: Neither
'subtree_check'
or
'no_subtree_check'
specified
for
export
"*:/home/share/image"
.
Assuming default behaviour (
'no_subtree_check'
).
NOTE: this default has changed since nfs-utils version 1.0.x [ OK ]
* Starting NFS kernel daemon [ OK ]
root@iZ23lqgttauZ:image
#
|
->然后NFS客户端再去访问试试:
结果死掉了。。。
1
|
root@chantyou:nfs_client_root
# sudo touch test_client_write_3.txt
|
即,无法正常的写入NFS服务器,没有写入的权限。
不过稍等片刻,就好了,就生效了,有写入权限了:
1
2
3
|
root@chantyou:nfs_client_root
# sudo touch test_client_write_4.txt
^Croot@chantyou:nfs_client_root
# sudo touch test_client_write_5.txt
root@chantyou:nfs_client_root
#
|
服务器端可以看到新写入的文件了:
1
2
3
4
5
6
7
8
9
|
root@iZ23lqgttauZ:image
# ls -l
total 240
-rw-r--r-- 1 root root 70545 May 28 2013 mmexport1369703131812.jpg
-rw-r--r-- 1 root root 82168 Sep 12 2013 mmexport1378988706739.jpeg
-rw-r--r-- 1 root root 85510 Nov 18 2013 p_large_0fOT_43d9000068f01263.jpg
-rw-r--r-- 1 nobody nogroup 0 Jul 23 15:55 test_client_write_2.txt
-rw-r--r-- 1 root root 0 Jul 23 16:02 test_client_write_5.txt
-rw-r--r-- 1 nobody nogroup 0 Jul 23 15:42 test_client_write.txt
root@iZ23lqgttauZ:image
#
|
注意,新写入的测试5文件的用户是root和root
->就是从NFS客户端来的root用户。
【总结】
之前两种办法,都可以解决此处的NFS客户端没有写入NFS服务器共享出来的文件夹的权限的问题:
(1)给NFS服务器端的文件夹添加other组的write权限:
1
|
chmod
o+w
/home/share/image/
|
(2)给NFS服务器端的文件夹配置选项增加no_root_squash:
1
|
/home/share/image
*(rw,
sync
,no_root_squash)
|
记得要:
重新导出配置,再重启NFS服务:
1
2
|
exportfs -a
service nfs-kernel-server restart
|
并且再稍等一小会,才能真正生效。
转载请注明:在路上 » 【已解决】NFS客户端写入NFS共享文件夹出错:Permission denied