How to properly set permissions for NFS folder? Permission denied on mounting end.
NFS is built on top of RPC authentication. With NFS version 3, the most common authentication mechanism is AUTH_UNIX. The user id and group id of the client system are sent in each RPC call, and the permissions these IDs have on the file being accessed are checked on the server. For this to work, the UID and GIDs must be the same on the server and the clients. However, you can force all access to occur as a single user and group by combining the all_squash, anonuid, and anongid export options. all_squash will map all UIDs and GIDs to the anonymous user, and anonuid and anongid set the UID and GID of the anonymous user. For example, if your UID and GID on your dev server are both 1001, you could export your home directory with a line like
/home/darren 192.168.1.1/24(rw,all_squash,anonuid=1001,anongid=1001)
I'm less familiar with NFS version 4, but I think you can set up rpc.idmapd on the clients to alter the uid and gid they send to the server.
When you mount NFS, your permissions you're mounting it with must match up with what you have on the server. For example, if your user has only read-only access, mounting it with read-write will cause you to see the same errors you mentioned in your post when you try to actually load the mount. Unfortunately, this will ONLY show up when accessing the folder, not when you actually mount it.
You also want to make sure that the user NFS is running as on the server and the user on the client are using the same UID and GID. You can check these values by running id darren
on both the server and the client. If the UID and GID values do not match up, you can edit /etc/passwd
to make it so — but make sure you understand what you're doing before arbitrarily changing values!
Some good sources:
- http://nfs.sourceforge.net/nfs-howto/ar01s07.html#pemission_issues
- http://support.apple.com/kb/TA22243
I hope this helps!