nfs mount as id 500

Postby scanray » Jun 1st, '15, 02:46

Hi all,

I just installed mageia 5RC.
I was setting up my network and when mounting the nfs from another computer, the directories change to user id = 500.
Until version 4 of mageia, this was the id of the first user created with administrator rights. In this version of mageia I see that the administrator uses id = 1000
I mount a nfs with:
Code:
theserver:/mnt/myshare /media/shared nfs wsize=8192,nosuid,rsize=8192,soft 0 0

Perhaps I'm doing something wrong, but also may have forgotten to change something in the nfs-utils to mount the nfs with ID=1000 and not ID=500

Another thing, when I try to use the MCC and I click the "search servers", MCC hangs. I've tried this with firewall on and off.

I hope this helps.
scanray
 
Posts: 32
Joined: Feb 5th, '14, 08:53

Re: nfs mount as id 500

Postby doktor5000 » Jun 1st, '15, 21:14

Is there a question to this, as I don't get your point for the user ID thing?
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 18052
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: nfs mount as id 500

Postby scanray » Jun 1st, '15, 21:36

Hi doctor,

How can I remap the user using nfs on the client side?
It mounts as read-only because of the id. This problem came with mga5, not in mga4.

I have tried using samba, and have the same problem, but over samba, in the line to mount, I can add uid and gid and that solves the problem. Using samba the problem is only on Linux PCs; PCs with Windows don't have this problem.

Thanks

Re: nfs mount as id 500

Postby doktor5000 » Jun 1st, '15, 22:01


Re: nfs mount as id 500

Postby scanray » Jun 2nd, '15, 00:11

I have already read these pages.
In the first link, I can't find rpcidmapd; is it the same as nfs-idmap?
It doesn't work, but, anyway, it says to create the same user on the client PCs, and... I don't want to do that. I have clients (outside my office) that connect there.

Thanks for your help

Re: nfs mount as id 500

Postby doktor5000 » Jun 2nd, '15, 20:06

The service is called nfs-idmap.service

┌─[doktor5000@Mageia5]─[19:43:41]─[~]
└──╼ urpmq -l nfs-utils | grep idmap
/etc/idmapd.conf
/usr/lib/systemd/system/nfs-idmap.service
/usr/sbin/nfsidmap
/usr/sbin/rpc.idmapd
/usr/share/man/man8/idmapd.8.xz
/usr/share/man/man8/nfsidmap.8.xz
/usr/share/man/man8/rpc.idmapd.8.xz


You did not mention anything about different user accounts, only different UIDs (500 vs. 1000).

It would be helpful if you could at least post the output that you see currently on the share on the server, and also what you expect to see in terms of UIDs.

Code:
ls -al /mnt/myshare
ls -aln /mnt/myshare


Code:
ls -al /media/shared
ls -aln /media/shared


Please keep in mind that we can only support you as far as you provide sufficient information.


As you mention it now, from re-reading your initial post, I think I know what the issue might be.
If you did a fresh installation of mga5 RC, then by default new users are created starting with UID 1000.
In older Mageia releases the default was to start at UID 500. So this may be your issue.

So if only your UID would differ, you could take the approach from http://serverfault.com/a/632315/241255
If you also have different user names, then you need to set up actual id-mapping.
But with NFSv4 the UID/GID is pretty much irrelevant, so please provide more details about your actual issue.

Re: nfs mount as id 500

Postby scanray » Jun 14th, '15, 23:47

Hello Doktor5000,

I apologize for the delay in answering, I was traveling and I could not access the computer.

I only mentioned the difference of UIDs because it is the only thing that I found different. Other users with OSX can not access in write mode. All access read only.

in server:
Code:
ls -al /mnt/myshare
drwxr-xr-x 11 user1 user1 4096 Jun  1 10:17 ./
drwxr-xr-x  5 root  root   4096 Apr 28 11:20 ../
drwxr-xr-x 10 user1 user1 4096 Jun 10 01:18 dir1/
drwxr-xr-x  7 user1 user1 4096 Apr 14 14:36 dir2/
drwxr-xr-x 14 user1 user1 4096 Apr 14 14:13 dir3/
drwx------  2 root  root  16384 Jan  1 21:50 lost+found/
drwxr-xr-x 44 user1 user1 4096 May 13 13:59 dir4/
.
.
.

ls -aln /mnt/myshare
drwxr-xr-x 11 500 500  4096 Jun  1 10:17 ./
drwxr-xr-x  5   0   0  4096 Apr 28 11:20 ../
drwxr-xr-x 10 500 500  4096 Jun 10 01:18 dir1/
-rwxrw-rw-  1 500 500  4096 Apr 16 13:46 ._.DS_Store*
-rwxrw-rw-  1 500 500  8196 Jun  9 19:12 .DS_Store*
drwxr-xr-x  7 500 500  4096 Apr 14 14:36 dir2/
drwxr-xr-x 14 500 500  4096 Apr 14 14:13 dir3/
drwx------  2   0   0 16384 Jan  1 21:50 lost+found/
drwxr-xr-x 44 500 500  4096 May 13 13:59 dir4/
.
.
.



in client
Code:
ls -al /media/shared
drwxr-xr-x 11     500     500  4096 Jun  1 10:17 ./
drwxr-xr-x 15 root root  4096 Jun  1 22:13 ../
drwxr-xr-x 10     500     500  4096 Jun 10 01:18 dir1/
-rwxrw-rw-  1     500     500  4096 Apr 16 13:46 ._.DS_Store*
-rwxrw-rw-  1     500     500  8196 Jun  9 19:12 .DS_Store*
drwxr-xr-x  7     500     500  4096 Apr 14 14:36 dir2/
drwxr-xr-x 14     500     500  4096 Apr 14 14:13 dir3/
drwx------  2 root    root    16384 Jan  1 21:50 lost+found/
drwxr-xr-x 44     500     500  4096 May 13 13:59 dir4/
.
.
.

ls -aln /media/shared
drwxr-xr-x 11     500     500  4096 Jun  1 10:17 ./
drwxr-xr-x  2    0    0 4096 Jun  1 22:13 ../
drwxr-xr-x 10     500     500  4096 Jun 10 01:18 dir1/
-rwxrw-rw-  1     500     500  4096 Apr 16 13:46 ._.DS_Store*
-rwxrw-rw-  1     500     500  8196 Jun  9 19:12 .DS_Store*
drwxr-xr-x  7     500     500  4096 Apr 14 14:36 dir2/
drwxr-xr-x 14     500     500  4096 Apr 14 14:13 dir3/
drwx------  2    0    0 16384 Jan  1 21:50 lost+found/
drwxr-xr-x 44     500     500  4096 May 13 13:59 dir4/



Yes, I know Mageia changed the UID of the first user. It is possible that this is the mistake with the client in mga5, but what happens with the other computers with OSX?
Previously I did not have this problem, when the client and server were on mga4.

I've tried using the example from serverfault, but it is not working. For it to work, it forces me to create each client user on the server (more than 15), and this is not feasible.
doktor5000 wrote:But with NFSv4 the UID/GID is pretty much irrelevant

If it is irrelevant, what is the problem? I have NFSv4 on both sides.

The situation is this: I have a firewall and a file server.
There are two networks (A and B). The file server is in network B.
Some clients are in network A and others in network B. All clients on network B enter the file server.
Some clients on network A enter the file server.
For this, I mount the file server on the firewall and share it from there to network A (with samba because they use ms-win).

I have installed mga5 to try it on the firewall because of an issue with the HD. If I can't resolve this problem I can return to mga4. I would not like to return, but I need it working.

What other details can I give to solve this?

Thank you for taking the time to help

Re: nfs mount as id 500

Postby doktor5000 » Jun 15th, '15, 21:21

scanray wrote:I only mentioned the difference of UIDs because it is the only thing that I found different. Other users with OSX can not access in write mode. All access read only.
Code:
ls -aln /media/shared
drwxr-xr-x 11     500     500  4096 Jun  1 10:17 ./
drwxr-xr-x  2    0    0 4096 Jun  1 22:13 ../
drwxr-xr-x 10     500     500  4096 Jun 10 01:18 dir1/
-rwxrw-rw-  1     500     500  4096 Apr 16 13:46 ._.DS_Store*
-rwxrw-rw-  1     500     500  8196 Jun  9 19:12 .DS_Store*
drwxr-xr-x  7     500     500  4096 Apr 14 14:36 dir2/
drwxr-xr-x 14     500     500  4096 Apr 14 14:13 dir3/
drwx------  2    0    0 16384 Jan  1 21:50 lost+found/
drwxr-xr-x 44     500     500  4096 May 13 13:59 dir4/


That is pretty simple. E.g. for dir1/, dir2/, dir3/ and dir4/ only the owner has write access to the directory, hence the same for the contained files.
Those will only have 644 permissions, only allowing group and others to read. That has nothing to do with the UID/GID, but with the permissions setup.

scanray wrote:I've tried using the example from serverfault, but it is not working.

What did you do in particular, and what was the outcome? Please be more verbose.

scanray wrote:For it to work, it forces me to create each client user on the server (more than 15), and this is not feasible.
But with NFSv4 the UID/GID is pretty much irrelevant

If it is irrelevant, what is the problem? I have NFSv4 on both sides.

Actually the idmapping should prevent exactly that. But you need to set it up to be able to use it.

scanray wrote:What other details can give to solve this?

At the very least the NFS export configuration on the NFS server, like /etc/exports or exportfs -v.
And the NFS client configuration, e.g. how does the client mount the server (fstab configuration and mount | grep nfs output).

Re: nfs mount as id 500

Postby scanray » Jun 17th, '15, 16:43

Hi Doktor,

doktor5000 wrote:That is pretty simple. E.g. for dir1/, dir2/, dir3/ and dir4/ only the owner has write access to the directory, hence the same for the contained files.
Those will only have 644 permissions, only allowing group and others to read. That has nothing to do with the UID/GID, but with the permissions setup.

I changed permissions to 777, this is the only way to have write access to shared. I never do that to have write access. And I do not want to leave because there are clients who only have the right to read.

doktor5000 wrote:What did you do in particular, and what was the outcome? Please be more verbose.

I have done exactly what the serverfault post says. When I say that it does not work, I mean I am still mounting the directory in read mode.

doktor5000 wrote:Actually the idmapping should prevent exactly that. But you need to set it up to be able to use it.

I imagine that prevents this type of security settings, but how do they work?
This is definitely something that did not happen before. Something changed in how to configure NFS. So from the beginning I thought it had something to do with the UID / GID. Something strange, because OSX uses a different UID number and allowed me to mount in write mode.

These are the settings:

SERVER
exportfs -v
Code:
/mnt/myshare       <world>(rw,wdelay,insecure,root_squash,all_squash,no_subtree_check,anonuid=1000,anongid=1000,sec=sys,rw,root_squash,all_squash)


CLIENTS
/etc/fstab
server:/mnt/myshare /media/shared nfs rw,intr,rsize=32768,wsize=32768,hard 0 0

mount | grep nfs
Code:
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
sunrpc on /proc/fs/nfsd type nfsd (rw,relatime)
server:/mnt/myshare on /media/shared type nfs4 (rw,relatime,vers=4.0,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.1,local_lock=none,addr=192.168.2.100)

Re: nfs mount as id 500

Postby doktor5000 » Jun 17th, '15, 22:17

scanray wrote:exportfs -v
Code:
/mnt/myshare       <world>(rw,wdelay,insecure,root_squash,all_squash,no_subtree_check,anonuid=1000,anongid=1000,sec=sys,rw,root_squash,all_squash)


"root_squash,all_squash" is contained twice, I'd clean that up.

Also all_squash in combination with anonuid=1000,anongid=1000 maps all user access to that UID and GID.
But the permissions of the actual folders in the exported share are 500:500 as you showed previously.
This does not match, so you only get access as "other" not as user or group.
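
Added example, not part of the thread or any poster's code: a small Python model of the squash-then-permission-check behaviour described in the post above, run against the two `exportfs -v` option lists and the 500:500 `drwxr-xr-x` directories shown in the thread. It assumes sec=sys (numeric IDs sent by the client) and the exports(5) defaults, and ignores supplementary groups and ACLs; the function names are hypothetical.

```python
import stat

# exports(5) defaults, assumed here: root_squash on, all_squash off, anon id 65534
DEFAULTS = {"root_squash": True, "all_squash": False, "anonuid": 65534, "anongid": 65534}

def parse_export_opts(opts):
    """Parse the option list printed by `exportfs -v`; later options win."""
    parsed = dict(DEFAULTS)
    for opt in (o.strip() for o in opts.split(",")):
        if opt in ("root_squash", "all_squash"):
            parsed[opt] = True
        elif opt in ("no_root_squash", "no_all_squash"):
            parsed[opt[3:]] = False
        elif opt.startswith(("anonuid=", "anongid=")):
            key, value = opt.split("=", 1)
            parsed[key] = int(value)
    return parsed

def effective_ids(client_uid, client_gid, opts):
    """Apply server-side squashing to the sec=sys uid/gid of a request."""
    if opts["all_squash"] or (opts["root_squash"] and client_uid == 0):
        return opts["anonuid"], opts["anongid"]
    return client_uid, client_gid

def write_check(client_uid, client_gid, export_opts, owner_uid, owner_gid, mode):
    """Return (effective uid, permission class, write allowed) for one directory.
    Supplementary groups and ACLs are ignored to keep the model small."""
    uid, gid = effective_ids(client_uid, client_gid, parse_export_opts(export_opts))
    if uid == 0:  # unsquashed root bypasses the mode bits
        return uid, "root", True
    if uid == owner_uid:
        cls, bit = "owner", stat.S_IWUSR
    elif gid == owner_gid:
        cls, bit = "group", stat.S_IWGRP
    else:
        cls, bit = "other", stat.S_IWOTH
    return uid, cls, bool(mode & bit)

# Option lists copied from the two `exportfs -v` outputs in the thread
EXPORT_ALL_SQUASH = ("rw,wdelay,insecure,root_squash,all_squash,no_subtree_check,"
                     "anonuid=1000,anongid=1000,sec=sys,rw,root_squash,all_squash")
EXPORT_NO_ALL_SQUASH = ("rw,async,wdelay,root_squash,no_subtree_check,sec=sys,"
                        "rw,root_squash,no_all_squash")

if __name__ == "__main__":
    # dir1/ on the server is 500:500 with mode drwxr-xr-x (0o755)
    for label, opts in (("all_squash", EXPORT_ALL_SQUASH), ("no_all_squash", EXPORT_NO_ALL_SQUASH)):
        for client in (500, 1000):
            print(label, client, write_check(client, client, opts, 500, 500, 0o755))
```

With all_squash every client, whatever its local UID, reaches the 500:500 directories as 1000:1000 and so falls into "other"; without it, only a client whose numeric UID is 500 is treated as the owner.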

Re: nfs mount as id 500

Postby scanray » Jun 18th, '15, 00:43

Sorry, I've done several test configurations. I put back the original ones generated by drakhosts.pl; they give me the same result.
Code:
exportfs -v
/mnt/myshared       <word>(rw,async,wdelay,root_squash,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)

/etc/exports
/mnt/myshared       *(root_squash,anonuid=65534,anongid=65534,async,secure,no_subtree_check,rw)


Originally drakhosts put all_squash in exports. That is why when I do "exportfs -v" you see root_squash and all_squash. It seems that the system always puts root_squash.
I changed all_squash to root_squash, as you can see.

This is the original mount that drakconf puts:
Code:
server:/mnt/myshared       /media/shared nfs rw,intr,rsize=32768,wsize=32768,soft 0 0


thanks

