root squashing causes Access Denied when mounting NFS export
Applies to
- ONTAP 9
- NFSv4
- RHEL 7
Issue
- Mounting an NFSv4 export as root on a RHEL client fails:
# mount -vv -o nfsvers=4.0,sec=sys nfsserver:/rootjunction/directory1/ /mnt/tmpmnt/
mount.nfs: timeout set for Thu Jan13 12:19:34 2022
mount.nfs: trying text-based options 'sec=sys,vers=4.1,addr=192.168.0.2,clientaddr=192.168.0.3'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=sys,vers=4.0,addr=192.168.0.2,clientaddr=192.168.0.3'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting nfsserver:/rootjunction/directory1
- Mounting via NFSv3 may be successful
- In
vserver nfs show
NFSv4
is enabledmount-as-root
is enabledNFSv4-id-domain
is set to the user's domain- default user is
nobody
- Linux access to unix security style volumes does not require name-mapping and configuration of user/group and permissions are desirable:
cluster1::*> vserver security file-directory show -vserver nfsserver -path /rootjunction Vserver: nfsserver File Path: /rootjunction File Inode Number: 64 Security Style: unix Effective Style: unix DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 2750 UNIX Mode Bits in Text: rwxr-s--- ACLs: -
- The export policy has root squashing configured
cluster1::> vserver export-policy rule show -vserver sv1 -policyname nfsexport -ruleindex 2 -instance
Vserver: nfsserver
Policy Name: nfsexport
Rule Index: 2
Access Protocol: nfs4
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 192.168.0.0/24
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
- It is successful when the directory being mounted has execute permissions