root cannot access user's home folder shared via NFS
Solution 1
From the exports man page:
Very often, it is not desirable that the root user on a client machine is also treated as root when accessing files on the NFS server. To this end, uid 0 is normally mapped to a different id: the so-called anonymous or nobody uid. This mode of operation (called 'root squashing') is the default, and can be turned off with no_root_squash.
Solution 2
you need to check how the NFS mount is being exported. Likely "root_squash" is enabled.
From Docs: root_squash — Prevents root users connected remotely from having root privileges and assigns them the user ID for the user nfsnobody.
no_root_squash option turns off root squashing
More info here: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-nfs-server-config-exports.html
Related videos on Youtube
Team AIGD
Updated on September 18, 2022Comments
-
Team AIGD over 1 year
We have a local server that exports an
NFS
share, used as parent directory for Linux home folders in the network. The users authenticate viaLDAP
(running on the same server).Authentication works fine, and the home folders on the share also work well for the users after they have logged in to a client machine.
However, there is one problem: the root user on the client cannot access the user folders. That is a problem as even simple things such as
sudo apt-get
produce errors because root cannot write to the user's folder.I thought the problem might be that the home folder permissions on the
NFS
server are 0700, thus only accessible by the user itself. So I have changed this permission to 0770, also also set the group ownership of the user folder on the server to 0, i.e. root. I assumed this should work, as 0 is also root's group ID on the client machines.Unfortunately, that didn't solved my issues, root still cannot access the user's folder:
root@Mule:/home/users# ll total 28 drwxr-xr-x 7 team team 4096 Aug 20 14:18 ./ drwxr-xr-x 3 root root 4096 Oct 29 10:43 ../ drwxrwx--- 30 mfb root 4096 Jan 30 17:49 mfb/ root@Mule:/home/users# root@Mule:/home/users# cd mfb bash: cd: mfb: Permission denied root@Mule:/home/users# root@Mule:/home/users# ll mfb ls: cannot open directory mfb: Permission denied root@Mule:/home/users# root@Mule:/home/users# whoami root root@Mule:/home/users# root@Mule:/home/users# mount | grep users bison:/media/profiles on /home/users type nfs (rw,hard,intr,addr=192.168.0.2) root@Mule:/home/users#
I am out of ideas here. Any suggestions how I can enable root to access the user home folder on the client (
mfb
in this example)?