Re: permission denied when writing to mounted directory exported by NFS server

[Sandeep Gupta]

On test setup I got this fixed. I will try to see if it works on actual
system.

I made following changes:
- modified /etc/exports entry
`
/nfs/testdir -alldirs  -maproot=root:wheel -network=192.168.0
-mask=255.255.255.0
`
The not-working version used "-maproot=root".

- started nfsd from command line
`
doas /sbin/nfsd -tun 4
`
For some reason starting using rcctl fails as can be seen below:
```
You have new mail.
openbsd$ doas rcctl start portmap mountd nfsd
nfsd(failed)
openbsd$ doas /sbin/nfsd -tun 4
openbsd$ ps aux | grep nfsd
root     21178  0.0  0.1   480  1132 ??  S      12:51PM    0:00.01 nfsd:
master
root     95864  0.0  0.0   176   520 ??  S      12:51PM    0:00.00 nfsd:
server
root     29237  0.0  0.0   176   520 ??  S      12:51PM    0:00.00 nfsd:
server
root     37092  0.0  0.0   176   520 ??  S      12:51PM    0:00.00 nfsd:
server
root     40371  0.0  0.0   176   520 ??  S      12:51PM    0:00.00 nfsd:
server
adming   20594  0.0  0.1   524  1264 00  S+p    12:51PM    0:00.02 grep nfsd
```

For debugs, here is output of rpcinfo:
[adming@cluster-node2]~% rpcinfo -p 192.168.0.122
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    859  mountd
    100005    3   udp    859  mountd
    100005    1   tcp    806  mountd
    100005    3   tcp    806  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs

Since, on both client and server, the root is writing -- the uid and gid is
0.

On Fri, Feb 10, 2023 at 5:13 AM <carsten.re...@t-online.de> wrote:

> On Thu, Feb 09, 2023 at 08:40:50AM +0100, Daniele B. wrote:
> > Unfortunately - personal experience - NFS is not the best offering from
> OpenBSD: it is enough
> > combersome to setup and easy to lose grip: something unsafe to keep me
> away from it.
> >
>
>
> What exactly do you mean ?
>
> rcctl enable portmap mountd nfsd
>
> what is so cumbersome with that ?
>
> What can we do better ?
>
>
> > However, for your testing purposes, I can suggest you there is a
> specific tool to test, server and client
> > status. looking to the man I guess it should be nfsstat pointed to one
> or the other host same time.
> > Probably some other people could be more detailed.
> >
> > -- Daniele Bonini
> >
> > Feb 8, 2023 17:00:09 Sandeep Gupta <gupta.sand...@gmail.com>:
> >
> > > Looking at the docs I am not able
> > > to find any otherconfig options for access control on the client side.
> > > There is nothing in the logs on the server side as well. Any pointers
> to
> > > debug/fix would be of great help.
> >
>
>