How to allow writing to a mounted NFS partition

linux apache-2.2 fedora nfs

How do you allow a specific user permission to write to an NFS partition?

I've mounted an NFS share on my localhost (a Fedora install), and I can read and write as root, but I'm unable to write as the apache user, even though all the files and directories in the share on my localhost and remote host are owned by apache.

For example, I've mounted it via this line in my /etc/fstab:

remotehost:/data/media     /data/media             nfs     _netdev,soft,intr,rw,bg        0 0

And both locations are owned by apache:

[root@remotehost ~]# ls -la /data
total 24
drwxr-xr-x.  6 root    root    4096 Jan  6  2011 .
dr-xr-xr-x. 28 root    root    4096 Oct 31  2011 ..
drwxr-xr-x   4 apache  apache  4096 Jan 14  2011 media

[root@localhost ~]# ls -la /data
total 16
drwxr-xr-x   4 apache apache 4096 Dec  7  2011 .
dr-xr-xr-x. 27 root   root   4096 Jun 11 15:51 ..
drwxrwxrwx   5 apache apache 4096 Jan 31  2011 media

However, when I try and write as the apache user, I get a "Permission denied" error.

[root@localhost ~]# sudo -u apache touch /data/media/test.txt'
touch: cannot touch `/data/media/test.txt': Permission denied

But of course it works fine as root. What am I doing wrong?


Solution 1:

NFS authorizes operations based on the user ID, not username. To be able to write to /data/media on NFS client you need to ensure that apache on localhost and apache on remotehost have the same numeric user IDs.

File listings in the post do not confirm that.

Indeed the localhost listing says that the mountpoint /data/media is owned by apache@localhost.

[root@localhost ~]# ls -la /data
 ...
 drwxrwxrwx   5 apache apache 4096 Jan 31  2011 media

The remote listing shows that shared resource /data/media is owned by apache@remotehost.

[root@remotehost ~]# ls -la /data
drwxr-xr-x   4 apache  apache  4096 Jan 14  2011 media

If numeric user IDs of apache@localhost and apache@remotehost differ the directory would not be writable.

You can use the command ls -lna to check numerical user IDs.

This is just a guess. There is nothing in the OP that specifically confirms that there is a disagreement in user IDs.

Related

How to configure autofs5 timeout on per-filesystem basis?
Is there a command that produces a diff of the permissions of target files?
Is it Secure to Grant Apache User Ownership of Directories & Files for Wordpress
RDS Replication across regions
Can I create a pf rule involving MAC address instead of IP?
Scaling out within a VMware host - add vCPUs or VMs?
How do I force ntfsresize to ignore the backup bootsector?
What permissions do I need if IIS Manager is blank or empty?
Outlook Encrypted Emails boo boo
Apache httpd workers retry
write permission denied via filezilla sftp to /var/www/html
How should an experienced Windows SysAdmin learn Linux? [closed]