-
NFS permissions
Hello all,
I am setting up a load-balanced Apache cluster.
I have an Iomega StorCenter px4-300r with NFS shares set up for shared storage between the nodes.
This is my first time really using NFS for something public facing. Sure I used it with FOG and other apps, but the defaults were fine for internal stuff.
I do have NFS access restricted to the IPs of the nodes.
However, my problem is I can’t seem to set permissions; once the NFS share is mounted, any user has full read/write access.
How can I set individual file/folder permissions on an NFS share? The entire web root should not be writable by all.
I have read a number of tutorials regarding Apache load balancing and shared storage, but none of them mentioned permissions.
Also, is there a better method for shared storage?
Thanks,
-
How are you mounting the NFS shares?
Are you using LDAP or NIS to keep guid/uids in sync?
Is there a firewall involved?
-
The Iomega is connected to AD for the Windows shares, not sure if I can make that work for NFS or not, but the only user I need to set permissions for is www-data, and as far as I know it has always been UID 33, or perhaps that’s the group.
I’ve done some testing and I can change the permission of files but I cannot change the owner.
Here is some output
Code:
root@web01:/mnt/www/test# ls -l
total 4
-r--r--r-- 1 99 users 6 May 22 2012 test.html
root@web01:/mnt/www/test# chown www-data:www-data test.html
chown: changing ownership of `test.html': Operation not permitted
root@web01:/mnt/www/test# chmod u+w test.html
root@web01:/mnt/www/test# ls -l
total 4
-rw-r--r-- 1 99 users 6 May 22 2012 test.html
root@web01:/mnt/www/test#
A quick search for UID 99 says it is a special MAC user ID, but I'm not sure if that’s the case here or not, because as myself, root, and www-data it still shows 99 as the owner.
I use fstab to mount the NFS
Code:
10.x.x.x:/nfs/www /mnt/www nfs
This is all internal so no firewalls.
I will continue to test, thanks for your help.
-
Check /etc/users on both hosts to see what they think uid 99 is supposed to be. The fact that you have numeric uids showing in your ls output means the system you are running ls on doesn't know what uid 99 is supposed to mean.
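
An added example, not part of the thread: one way to run the comparison suggested above and to audit the mounted web root for unmapped owners and world-writable entries. It assumes GNU find and account lists in passwd(5) format; the function names, file names and sample accounts (including "exampleuser" for uid 99) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample account data below is constructed.

# name_for_uid PASSWD_FILE UID: print the account name for UID, or UNKNOWN.
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; found = 1; exit }
        END { if (!found) print "UNKNOWN" }' "$1"
}

# compare_uid CLIENT_PASSWD SERVER_PASSWD UID: show how each host names UID.
compare_uid() {
    c=$(name_for_uid "$1" "$3")
    s=$(name_for_uid "$2" "$3")
    if [ "$c" = "$s" ] && [ "$c" != "UNKNOWN" ]; then st=MATCH; else st=MISMATCH; fi
    echo "uid=$3 client=$c server=$s status=$st"
}

# audit_tree DIR PASSWD_FILE: flag world-writable entries and entries whose
# numeric owner has no account in PASSWD_FILE (what ls shows as a bare number).
audit_tree() {
    find "$1" ! -type l -perm -0002 -printf 'WORLD-WRITABLE %m %p\n'
    find "$1" -printf '%U %p\n' | while read -r uid path; do
        if [ "$(name_for_uid "$2" "$uid")" = "UNKNOWN" ]; then
            echo "UNMAPPED-OWNER uid=$uid $path"
        fi
    done
}

# Demo on constructed data: a client that knows www-data (33) but not uid 99,
# and a storage host that names uid 99 "exampleuser".
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'www-data:x:33:33::/var/www:/usr/sbin/nologin' > "$tmp/client.passwd"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'exampleuser:x:99:99::/:/bin/false' > "$tmp/server.passwd"
    compare_uid "$tmp/client.passwd" "$tmp/server.passwd" 33
    compare_uid "$tmp/client.passwd" "$tmp/server.passwd" 99
    rm -rf "$tmp"
}
demo
```

On real hosts the two input files would be a saved copy of each machine's account list (for example the output of `getent passwd`, where available), and `audit_tree /mnt/www client.passwd` would be run on the web node.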