
I have two Red Hat 7 clients (one is RHEL, one is CentOS) NFS mounting a directory from a NetApp server. The RHEL client mounts the volume read-write, whereas the CentOS client mounts the volume read-only.

At the mount level, nothing appears to be wrong and the mounted filesystems behave as expected. Both clients are granted root access (no_root_squash) in the export rules on the NetApp, and the RHEL client is granted read-write access, and the CentOS client is granted read-only access.

SELinux is disabled on both clients. The mount entries in /etc/fstab look like this for the two clients:

RHEL:

```
netapp1:/tools      /TOOLS  nfs defaults    0 0
```

CentOS:

```
netapp1:/tools     /tools                  nfs     hard,intr,ro    0 0
```

The mount details (output from mount) are as follows:

RHEL:

```
netapp1:/tools on /TOOLS type nfs4 (rw,relatime,vers=4.0,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.200.75.204,local_lock=none,addr=10.200.77.54)
```

CentOS:

```
netapp1:/tools on /tools type nfs4 (ro,relatime,vers=4.0,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.100.212.163,local_lock=none,addr=10.200.77.54)
```

The problem exhibits itself only with specific files, as shown below (this is a view of the same location on the NFS volume from both clients):

RHEL:

```
[root@rhel ssh]# ls -al
total 168
drwxr-xr-x  2 root root   4096 Nov  5  2014 .
drwxr-xr-x 66 root root  12288 Nov  5  2014 ..
-rw-r--r--  1 root root 125749 Apr  2  2014 moduli
-rw-r--r--  1 root root   1669 Apr  2  2014 ssh_config
-rw-r--r--  1 root root   2453 Nov  5  2014 sshd_config
-rw-------  1 root root    668 Nov  5  2014 ssh_host_dsa_key
-rw-r--r--  1 root root    602 Nov  5  2014 ssh_host_dsa_key.pub
-rw-------  1 root root   1675 Nov  5  2014 ssh_host_rsa_key
-rw-r--r--  1 root root    394 Nov  5  2014 ssh_host_rsa_key.pub
[root@rhel ssh]# cat sshd_config | wc -l
86
[root@rhel ssh]# cat ssh_host_dsa_key | wc -l
12
[root@rhel ssh]# id
uid=0(root) gid=0(root) groups=0(root)
```

This is the expected result.

CentOS:

```
[root@centos ssh]# ls -al
total 168
drwxr-xr-x  2 root root   4096 Nov  5  2014 .
drwxr-xr-x 66 root root  12288 Nov  5  2014 ..
-rw-r--r--  1 root root 125749 Apr  2  2014 moduli
-rw-r--r--  1 root root   1669 Apr  2  2014 ssh_config
-rw-r--r--  1 root root   2453 Nov  5  2014 sshd_config
-rw-------  1 root root    668 Nov  5  2014 ssh_host_dsa_key
-rw-r--r--  1 root root    602 Nov  5  2014 ssh_host_dsa_key.pub
-rw-------  1 root root   1675 Nov  5  2014 ssh_host_rsa_key
-rw-r--r--  1 root root    394 Nov  5  2014 ssh_host_rsa_key.pub
[root@centos ssh]# cat sshd_config | wc -l
86
[root@centos ssh]# cat ssh_host_dsa_key | wc -l
cat: ssh_host_dsa_key: Permission denied
0
[root@centos ssh]# id
uid=0(root) gid=0(root) groups=0(root)
```

Here we see that with the root ID, we have the expected access to some files, but for specific files, we do not have access even though the permissions shown should allow access.

I'd welcome any clues or ideas on how to further debug this issue.

techn0mad
  • On both clients, check the output of `nfsidmap -l` (as root). – Michael Hampton Sep 11 '19 at 16:36
  • Both show the same thing, more or less: `[root@centos ssh]# nfsidmap -l 9 .id_resolver keys found: uid:jay@example.com uid:jesse@example.com uid:mark@example.com uid:wendy@example.com uid:mo@examplej.com gid:users@example.com uid:phyllis@example.com uid:chuck@example.com uid:tom@example.com` – techn0mad Sep 11 '19 at 16:44

0 Answers