I have two directories exported from an NFS server. On my NFS client machine, I can mount one of the directories, using the default syntax, as NFS4. However, the other directory will only mount if I explicitly specify "vers=3". If I don't use that syntax, I get error "mount.nfs: access denied by server while mounting nat149app:/var/fea/jobs".
Both boxes are RHEL 6.1.
On the server:
[root@nat149app fea]# cat /etc/exports
# /var/fea/jobs -rw,async,no_root_squash xxx.xxx.1.0/24
# /usr/local -ro,async,no_root_squash xxx.xxx.1.0/24
/var/fea/jobs xxx.xxx.1.0/24(rw,async,no_root_squash)
/usr/local xxx.xxx.1.0/24(ro,async,no_root_squash)
On the client:
[root@nat145app ~]# mount
/dev/sda4 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/sda5 on /home type ext4 (rw)
/dev/sda3 on /usr type ext4 (rw)
/dev/sda6 on /var type ext2 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
[root@nat145app ~]# mount nat149app:/usr/local /usr/local
[root@nat145app ~]# mount nat149app:/var/fea/jobs /var/fea/jobs
mount.nfs: access denied by server while mounting nat149app:/var/fea/jobs
[root@nat145app ~]# ll /var/fea
total 20K
drwxrwx--T 4 root feausers 4.0K Nov 29 13:25 ./
drwxr-xr-x. 22 root root 4.0K Nov 29 13:25 ../
drwxrwx--T 2 root feausers 4.0K Nov 29 13:25 jobs/
drwxrwx--T 2 root feausers 4.0K Nov 29 13:26 temp/
[root@nat145app ~]# mount -o vers=3 nat149app:/var/fea/jobs /var/fea/jobs
[root@nat145app ~]# mount
/dev/sda4 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/sda5 on /home type ext4 (rw)
/dev/sda3 on /usr type ext4 (rw)
/dev/sda6 on /var type ext2 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nat149app:/usr/local on /usr/local type nfs (rw,vers=4,addr=139.69.1.149,clientaddr=139.69.1.145)
nat149app:/var/fea/jobs on /var/fea/jobs type nfs (rw,vers=3,addr=139.69.1.149)
I have tried this with both rw and ro. I have also tried it without the "o+t" permission on the directiories. And I have also tried this using entries in /etc/fstab. Makes no difference.
Best Answer
From what I know, NFS v4 requires all exported directories to be inside a single "root" (which has
fsid=0
set in /etc/exports). For example:which are then mounted as:
Usually bind mounts are used to set up
/srv/nfs
(or/exports
or similar); for example:(for fstab,
/usr/local /srv/nfs/usr-local none bind 0 0
)In your current configuration,
/usr/local
is being used as the NFS root (withnat149app:/usr/local
being accepted only for compatibility; the real address isnat149app:/
) and the server denies access to everything outside it.See section 7 - NFS Server Name Space of RFC 3530 - NFS version 4.