"Read-only filesystem" on NFS share, permissions, mounts and exports file seem ok
/etc/exports wants the specific IP addresses to appear first, IP ranges after, i.e.
/share/global/usr/share 192.168.101.250(rw,subtree_check,all_squash) 192.168.0.0/16(ro,subtree_check,all_squash)
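A small check for the ordering problem this answer describes, as an added example that is not part of the original post: it flags an export line where a specific address is listed after a covering range that grants a different ro/rw mode. The function names are hypothetical, and only IP address and CIDR client specs are handled.

```python
import ipaddress

# Lines taken from the question and the answer on this page.
QUESTION_LINE = ("/share/global/usr/share 192.168.0.0/16(ro,subtree_check,all_squash) "
                 "192.168.101.250(rw,subtree_check,all_squash)")
ANSWER_LINE = ("/share/global/usr/share 192.168.101.250(rw,subtree_check,all_squash) "
               "192.168.0.0/16(ro,subtree_check,all_squash)")

def parse_export_line(line):
    """Return (path, [(spec, network, options), ...]) or None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    clients = []
    for spec in fields[1:]:
        host, _, opts = spec.partition("(")
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            continue  # hostnames, wildcards and netgroups are not handled here
        clients.append((spec, net, set(opts.rstrip(")").split(","))))
    return fields[0], clients

def access(options):
    """exports(5): an export is read-only unless rw is given."""
    return "rw" if "rw" in options else "ro"

def shadowed_clients(line):
    """List (path, earlier_spec, later_spec) where a narrower client follows a
    covering network that grants a different ro/rw mode."""
    parsed = parse_export_line(line)
    if parsed is None:
        return []
    path, clients = parsed
    findings = []
    for i, (later_spec, later_net, later_opts) in enumerate(clients):
        for earlier_spec, earlier_net, earlier_opts in clients[:i]:
            if (later_net.version == earlier_net.version
                    and later_net != earlier_net
                    and later_net.subnet_of(earlier_net)
                    and access(later_opts) != access(earlier_opts)):
                findings.append((path, earlier_spec, later_spec))
    return findings

if __name__ == "__main__":
    for name, line in (("question", QUESTION_LINE), ("answer", ANSWER_LINE)):
        print(name, shadowed_clients(line) or "ok")
```

The line from the question is flagged and the reordered line from the answer is not; a range on a different subnet listed first is also left alone.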
Comments
-
spraff almost 2 years
I am sharing /share/global/usr/share from a server to /usr/share on a client via NFS. When the client writes into it I get a "Read-only filesystem" error.
Server
Filesystem permissions ok:
$> ls -la /share/global/usr/
drwxrwxrwx 2 nobody nogroup 4096 Dec 6 14:37 share
Exports are rw for client IP 192.168.101.250, other internal IPs are ro.
$> grep usr /etc/exports
/share/global/usr/share 192.168.0.0/16(ro,subtree_check,all_squash) 192.168.101.250(rw,subtree_check,all_squash)
Server can write here:
$> echo HELLO > /share/global/usr/share/REMOVEME && chmod 666 /share/global/usr/share/REMOVEME && echo ok
ok
Client
IP address matches (static):
$> ip addr | grep inet
inet 192.168.101.250/24 brd 192.168.101.255 scope global enp0s8
fstab specifies rw:
$> grep usr /etc/fstab
192.168.101.254:/share/global/usr/share /usr/share nfs rsize=8192,wsize=8192,timeo=3,intr,rw
and it's mounted rw:
$> mount | grep usr
192.168.101.254:/share/global/usr/share on /usr/share type nfs4 (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=3,retrans=2,sec=sys,clientaddr=192.168.101.250,local_lock=none,addr=192.168.101.254)
Read is ok:
$> ls -al /usr/share/REMOVEME
-rw-rw-rw-. 1 nfsnobody nfsnobody 7 Dec 6 15:14 /usr/share/REMOVEME
Problem
On client:
$> sudo -i
$> echo foo > /usr/share/REMOVEME
-bash: /usr/share/REMOVEME: Permission denied
I also can't create new files here.
Everything in the configuration looks okay to me. Why can't I write to the shared directory on the client?
Server is Ubuntu 16.04, client is CentOS 7.
-
steve over 7 years
SELinux in play here?
-
MikeA over 7 years
I wonder if the ordering in your example is important because your IP range has a more restrictive permission granted than the single host. I think if the IP range was a different subnet from your single host, it could still be listed first.