0

I have mounted a NFS share from a Windows 2012 server to a Centos7 webserver I have.

I want my webserver to create and read files from the NFS share. I had a similar solution on Windows 2008 and Centos6 earlier, but I'm struggling after upgrading the servers.

UID and GID are set in W2012 NFS options and are correct.

[root@centos external]# ll
drwxrwxrwx  2 apache www-data 4096 Sep 17 16:15 NFSShare


[root@centos external]# df -h
windowsserver:/NFSShare 50G   19G   31G  38% /var/www/external/NFSShare

[root@centos external]# getfacl NFSShare/
# file: NFSShare/
# owner: apache
# group: www-data
user::rwx
group::rwx
other::rwx

The NFS-share and it's permissions work with root-user.

[root@centos NFSShare]# touch test.txt
[root@centos NFSShare]# ll
total 1
-rwxrwxrwx 1 apache www-data  8 Sep 17 16:15 test2.txt
-rw-r--r-- 1 apache www-data  0 Sep 24 11:10 test.txt

But when I try Read or Write from my website with PHP, i get permission deny.

PHP code (trying to create a folder and read a file):

// Try create a folder    
mkdir('/var/www/external/NFSShare/123');

// Try to read from file
$file = '/var/www/external/NFSShare/test2.txt';
$homepage = file_get_contents($file);
echo $homepage;

PHP Error log:

[root@centos external]# tail /var/log/httpd/website-error_log

[Thu Sep 24 10:21:03.632156 2015] [:error] [pid 15286] [client 172.27.xxx.xxx:56198] PHP Warning:  mkdir(): Permission denied in /var/www/website/modules/users/view/admin/test.php on line 6
[Thu Sep 24 10:21:03.645438 2015] [:error] [pid 15286] [client 172.27.xxx.xxx:56198] PHP Warning:  file_get_contents(/var/www/external/NFSShare/test2.txt): failed to open stream: Permission denied in /var/www/website/modules/users/view/admin/test.php on line 15

Same problem if I try to run as apache user from ssh:

[root@centos NFSShare]# su -s /bin/sh apache -c "touch /var/www/external/NFSShare/test.txt"
touch: cannot touch ‘/var/www/external/NFSShare/test.txt’: Permission denied

At the moment I have tried to give "Everyone" NTFS permissions on the Windows side, CHMOD 0777 as much as possible on the Centos-server and turned SELinux off - just to exclude any problems with this.

Anyone have an idea why the Apache-user can't read or write to the NFS Share?

Update #1:

Checked "tail -f /var/log/audit/audit.log" when creating files with apache user. Can't see any difference in the log for when I create a file in ex. /external or in /external/NFSShare where I get permission denied on NFSShare.

Checked "tcpdump -i any dst windowsserver" where I get the NFS request when creating a file with root-user, but nothing when trying with the apache user. So looks like my Centos-server is denying the request before anything is sent to the windowsserver.

diCo
  • 1
  • 1
  • can you create a subdirectory ant try touch there? Check which side generates permission deny. tcpdump is a tool for that. – kofemann Sep 25 '15 at 06:15
  • Can't touch anything inside the new subdirectory with the apache-user. Looks like the permission is denied from the client side (Centos). I have updated my post above. – diCo Sep 25 '15 at 08:52

0 Answers0