0

We have just upgraded two servers providing a number of services to our network including NFS and NIS. User authentication is done by one server (serverA) and home directories and a number of shared folders are provided by an NFS share from another (serverB).

NIS users are able to authenticate against the new serverA and interact with their home and shared directories as before but if they launch certain applications such as Firefox or LibreOffice the window does not open.

  • If the offending applications are launched by a local non-NIS user they work perfectly.

  • When running Firefox from a terminal there is no text output at all.

  • If the Firefox profile (~/.mozilla/firefox) is deleted before it is opened a new one is created but otherwise the behaviour is the same.

  • If Firefox is run within strace it stops on the following: open("/home/user/.mozilla/firefox/gmm7ny7n.default/.parentlock", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 8 fcntl(8, F_GETLK

  • Disabling SELinux on NIS and NFS servers doesn't help.

Any help much appreciated, thanks.

kenlukas
  • 3,101
  • 2
  • 16
  • 26
Carl
  • 1
  • 4

1 Answers1

0

The problem is somehow related to NFS file locking. Enabling ports for MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT, and LOCKD_UDPPORT on the server firewall got things working. Those port numbers are defined in /etc/sysconfig/nfs on my system and the appropriate lines are commented by default, it is probably best to make them explicit in order to ensure they match the firewall settings. If using the default ports then the following commands will make the required changes:

firewall-cmd --permanent --zone=public --add-port=892/tcp
firewall-cmd --permanent --zone=public --add-port=892/udp
firewall-cmd --permanent --zone=public --add-port=662/udp
firewall-cmd --permanent --zone=public --add-port=662/tcp
firewall-cmd --permanent --zone=public --add-port=32803/tcp
firewall-cmd --permanent --zone=public --add-port=32769/udp
firewall-cmd --reload

I earlier tried disabling the firewall entirely and concluded it didn't help but after a reboot on both the server and client side it started to work.

Carl
  • 1
  • 4
  • If you don't hardcode these NFS ports then they tend to be dynamically allocated, which doesn't play nicely with a firewall. – bodgit Oct 15 '19 at 16:06