Can't mount NFS4 share

2

I have two directories exported from an NFS server. On my NFS client machine, I can mount one of the directories, using the default syntax, as NFS4. However, the other directory will only mount if I explicitly specify "vers=3". If I don't use that syntax, I get error "mount.nfs: access denied by server while mounting nat149app:/var/fea/jobs".

Both boxes are RHEL 6.1.

On the server:

[root@nat149app fea]# cat /etc/exports
# /var/fea/jobs   -rw,async,no_root_squash xxx.xxx.1.0/24
# /usr/local      -ro,async,no_root_squash xxx.xxx.1.0/24
/var/fea/jobs   xxx.xxx.1.0/24(rw,async,no_root_squash)
/usr/local      xxx.xxx.1.0/24(ro,async,no_root_squash)

On the client:

[root@nat145app ~]# mount
/dev/sda4 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/sda5 on /home type ext4 (rw)
/dev/sda3 on /usr type ext4 (rw)
/dev/sda6 on /var type ext2 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

[root@nat145app ~]# mount nat149app:/usr/local /usr/local

[root@nat145app ~]# mount nat149app:/var/fea/jobs /var/fea/jobs
mount.nfs: access denied by server while mounting nat149app:/var/fea/jobs

[root@nat145app ~]# ll /var/fea
total 20K
drwxrwx--T   4 root feausers 4.0K Nov 29 13:25 ./
drwxr-xr-x. 22 root root     4.0K Nov 29 13:25 ../
drwxrwx--T   2 root feausers 4.0K Nov 29 13:25 jobs/
drwxrwx--T   2 root feausers 4.0K Nov 29 13:26 temp/

[root@nat145app ~]# mount -o vers=3 nat149app:/var/fea/jobs /var/fea/jobs

[root@nat145app ~]# mount
/dev/sda4 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/sda5 on /home type ext4 (rw)
/dev/sda3 on /usr type ext4 (rw)
/dev/sda6 on /var type ext2 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nat149app:/usr/local on /usr/local type nfs (rw,vers=4,addr=139.69.1.149,clientaddr=139.69.1.145)
nat149app:/var/fea/jobs on /var/fea/jobs type nfs (rw,vers=3,addr=139.69.1.149)

I have tried this with both rw and ro. I have also tried it without the "o+t" permission on the directiories. And I have also tried this using entries in /etc/fstab. Makes no difference.

scott8035

Posted 2011-11-29T20:42:45.407

Reputation: 141

Caution. I tried this mechanism on Fedora 16 w/ and hit an old bug that was supposed to have been fixed. https://bugzilla.redhat.com/show_bug.cgi?id=716483 Problem is in using bind option in fstab for the set of exports. End up unable to boot, left w/ 'dependencies' errors. Fix was to comment out the fstab mount bind entries for the nfs4 setup. I'm still using older /etc/exports setup fine. I don't know what distros/versions affected.

– None – 2011-12-03T14:14:02.067

Answers

2

From what I know, NFS v4 requires all exported directories to be inside a single "root" (which has fsid=0 set in /etc/exports). For example:

/srv/nfs              xxx.xxx.1.0/24(ro,root_squash)
/srv/nfs/usr-local    xxx.xxx.1.0/24(ro,root_squash)
/srv/nfs/fea-jobs     xxx.xxx.1.0/24(rw,root_squash)

which are then mounted as:

mount -t nfs4 nat149app:/usr-local /usr/local
mount -t nfs4 nat149app:/fea-jobs /var/fea/jobs

Usually bind mounts are used to set up /srv/nfs (or /exports or similar); for example:

mount --bind /usr/local /srv/nfs/usr-local
mount --bind /var/fea/jobs /srv/nfs/fea-jobs

(for fstab, /usr/local /srv/nfs/usr-local none bind 0 0)

In your current configuration, /usr/local is being used as the NFS root (with nat149app:/usr/local being accepted only for compatibility; the real address is nat149app:/) and the server denies access to everything outside it.

See section 7 - NFS Server Name Space of RFC 3530 - NFS version 4.

user1686

Posted 2011-11-29T20:42:45.407

Reputation: 283 655

For anyone looking around: this is the One True Answer. – sCiphre – 2016-01-27T14:43:43.110

1

In troubleshooting this error myself, after following Ubuntu's guide, I did a 

apt-get purge nfs-kernel-server
apt-get install nfs-kernel-server

5 times before I just left the default config files alone and it worked (NFSv4).

Here's the nfs server /etc/exports:

/export                 172.20.50.0/24(ro,fsid=0,insecure,no_root_squash,no_subtree_check,async)
/export/companybackup   172.20.50.0/24(rw,nohide,insecure,no_root_squash,no_subtree_check,async)
/export/p1backup        172.20.50.0/24(rw,nohide,insecure,no_root_squash,no_subtree_check,async)
/export/p2backup        172.20.50.0/24(rw,nohide,insecure,no_root_squash,no_subtree_check,async)
/export/p3backup        172.20.50.0/24(rw,nohide,insecure,no_root_squash,no_subtree_check,async)

In exports, no_root_squash allows your servers' root user to write to the share, async gives you the best IO (tho it's not reliable), and the rest simplify the permissions.

and the nfs server /etc/fstab:

/dev/VG/LV                 /mnt/bigLV ext4    noatime 0       0
/mnt/bigLV                 /export/companybackup   none    bind    0       0
/mnt/bigLV/backups/p1      /export/p1backup        none    bind    0       0
/mnt/bigLV/backups/p2      /export/p2backup        none    bind    0       0
/mnt/bigLV/backups/p3      /export/p3backup        none    bind    0       0

Finally, the client's fstab:

172.20.50.29:/p1backup        /mnt/p1backup       nfs4    _netdev,auto,rw,hard,intr       0           0

to refresh the mounts from fstab:

sudo mount -a

Brad

Posted 2011-11-29T20:42:45.407

Reputation: 41

Asked: 2011-11-29T20:42:45.407

Viewed: 6 340 times

Active: 2012-02-09T23:14:10.073