Why does mounting an NFS share from Linux require the use of a privileged port?


I export a directory on a Linux box and I can mount it from another Linux box using

# mount -t nfs kurush:/media/lynk /mnt/kurush/

The same command fails on Mac OS X:

$ sudo mount -t nfs kurush:/media/lynk /Volumes/lynk
mount_nfs: can't mount /media/lynk from kurush onto /Volumes/lynk: Operation not permitted

At the same time, kurush:/var/logs/syslog records this line:

rpc.mountd[7943]: authenticated mount request from sds-MacBook-Pro.home:1009 for /media/lynk (/media/lynk)

When I try to go through the GUI (Finder->connect to server->nfs://kurush/media/lynk->connect), I get an immediate failure (unable to connect &c) and the Linux box syslog records the authenticated mount request.

The problem is solved by using a privileged port:

Command line:

sudo mount -o resvport -t nfs kurush:/media/lynk /Volumes/lynk

To enable GUI:

sudo vifs

then add a line

kurush:/media/lynk /Volumes/lynk nfs resvport,ro,user,noauto

The questions are:

  • Why do I need to use a privileged port? Is it something I do on the Linux side?
    I seem to recall that once upon a time I did mount that share without the aforementioned magic.

  • How do I tell MacOSX to use the privileged port without using the command line?
    I thought Apple was for the "non-techie" crowd, so it must be possible!

Best Answer

Why do you have to? Tradition, mostly. Once upon a time, restricting NFS to privileged ports (<1023) was considered a security measure. Back when people were using mainframe computers, this made sure that the NFS software on the client side was part of the OS/approved by the administrator, since a program can only use a privileged port if it's run by the root user. Today, this makes no sense because anyone can own a computer and have root access, so this doesn't mean anything in terms of security.

By default, many NFS servers don't allow non-privileged source ports. Some NFS clients (such as Ubuntu's) default to using a privileged source port unless otherwise specified, which is why your Linux client works without issue. Clearly, the OS X client doesn't do this. I don't know if that was an Apple design choice or something inherited from BSD. I know that Solaris also defaults to a non-privileged port.

The two ways of avoiding this problem are telling the OS X client to use a privileged port, as you discovered, or configuring your NFS server to allow non-privileged ports (look it up in your server's documentation).

How do you get OS X to use a privileged port using a GUI? As far as I know, you can't on versions > 10.6. One used to be able to mount NFS shares in Disk Utility and type in extra options, but that was removed. (details) It was never a simple button or anything. NFS is hardly something most of the "non-techy" crowd need, so I guess it wasn't a priority, and there are reasons routinely using privileged ports isn't a great idea.

I haven't tried it, but http://www.bresink.com/osx/NFSManager.html seems to allow configuration of OS X's NFS features without the command line.
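Added example, not part of the original question or answer: on a Linux server, the setting that allows non-privileged source ports is the `insecure` export option in exports(5), with `secure` (reserved source port required) as the default. The sketch below audits an exports file and reports, per path and client, whether the source-port check is still enforced. The sample file is constructed, and quoted paths and options containing spaces are not handled.

```python
import re

# Constructed sample in Linux exports(5) syntax. Hosts and paths are made up,
# except /media/lynk, which is the share from the question.
SAMPLE_EXPORTS = """\
# path        client(options) ...
/media/lynk   192.168.1.0/24(ro,sync,no_subtree_check)
/srv/scratch  macbook.home(rw,insecure) buildhost(rw,sync)
/srv/pub      (ro,insecure,all_squash)
/srv/multi    -ro,insecure trusted.home(secure) \\
              *.lab.home
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\((.*)\))?$")


def port_check_enforced(options):
    """'secure' is the default. Assumption: a later keyword overrides an earlier one."""
    enforced = True
    for opt in options:
        if opt in ("secure", "insecure"):
            enforced = opt == "secure"
    return enforced


def audit_exports(text):
    """Return (path, client, enforced) for every path/client pair in the file."""
    text = re.sub(r"\\\n", " ", text)            # join backslash-continued lines
    findings = []
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not tokens:
            continue
        path, defaults = tokens[0], []
        for tok in tokens[1:]:
            if tok.startswith("-"):              # "-opt,opt": defaults for later clients
                defaults = tok[1:].split(",")
                continue
            m = CLIENT_RE.match(tok)
            if m is None:                        # e.g. unbalanced parentheses
                raise ValueError(f"cannot parse client entry {tok!r} for {path}")
            client, opts = m.groups()
            options = defaults + (opts.split(",") if opts else [])
            findings.append((path, client or "*", port_check_enforced(options)))
    return findings


if __name__ == "__main__":
    for path, client, enforced in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {client:18} {'reserved port required' if enforced else 'ANY source port'}")
```

An entry with no client name before the parentheses applies to every host, so it is reported as `*`.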