mount nfs - Operation not permitted

Amadeus W. M. amadeus84 at cablespeed.com
Thu Dec 29 18:11:10 UTC 2005


On Thu, 29 Dec 2005 10:48:13 -0600, Charles Howse wrote:

>> On Wed, 28 Dec 2005 21:33:57 -0600, Charles Howse wrote:
>> 
>>>> On Wed, 28 Dec 2005 11:29:39 -0600, Charles Howse wrote:
>>>> 
>>>>> I'm sure this has been asked and answered hundreds of times, but I've been
>>>>> working on it for 2 days now, and can't resolve the issue.
>>>>> I'm trying to mount an nfs filesystem that lives on FC4 from my Macintosh
>>>>> across the home lan (machines are only 15' apart).  ;-)
>>>>> I can successfully mount nfs shares that live on the FreeBSD machine from
>>>>> the Mac, and can successfully ssh to the FC4 box from the Mac.
>>>>> 
>>>>> On FC4:
>>>>> [root at shemp ~]# cat /etc/exports
>>>>> /disc2 moe(rw,sync) larry(ro,sync)
>>>>> /home  moe(rw) larry(ro)
>>>>> [root at shemp ~]# cat /etc/hosts.allow
>>>>> #
>>>>> # hosts.allow   This file describes the names of the hosts which are
>>>>> #               allowed to use the local INET services, as decided
>>>>> #               by the '/usr/sbin/tcpd' server.
>>>>> #
>>>>> ALL: ALL
>>>>> [root at shemp ~]# cat /etc/hosts.deny
>>>>> #
>>>>> # hosts.deny    This file describes the names of the hosts which are
>>>>> #               *not* allowed to use the local INET services, as decided
>>>>> #               by the '/usr/sbin/tcpd' server.
>>>>> #
>>>>> # The portmap line is redundant, but it is left to remind you that
>>>>> # the new secure portmap uses hosts.deny and hosts.allow.  In particular
>>>>> # you should know that NFS uses portmap!
>>>>> 
>>>>> [root at shemp ~]# cat /proc/fs/nfs/exports
>>>>> # Version 1.1
>>>>> # Path Client(Flags) # IPs
>>>>> /home   larry(ro,root_squash,sync,wdelay)
>>>>> /disc2  larry(ro,root_squash,sync,wdelay)
>>>>> [root at shemp ~]# cat /var/lib/nfs/xtab
>>>>> [root at shemp ~]# exportfs -ra
>>>>> exportfs: /etc/exports [2]: No 'sync' or 'async' option specified for
>>>>> export
>>>>> "moe:/home".
>>>>>   Assuming default behaviour ('sync').
>>>>>   NOTE: this default has changed from previous versions
>>>>> 
>>>>> On the Mac:
>>>>> [charles at larry:~]$ mount -t nfs shemp:/disc2 ~/mnt
>>>>> mount_nfs: /Users/charles/mnt: Operation not permitted
>>>>> [charles at larry:~]$ mount -t nfs shemp:/home ~/mnt
>>>>> mount_nfs: /Users/charles/mnt: Operation not permitted
>>>>> 
>>>>> properties for ~/mnt on the Mac:
>>>>> 0 drwxr-xr-x    3 charles  charles    102 Nov 20 17:11 mnt/
>>>>> 
>>>>> My uid/gid are the same on both client and server...my username is the same
>>>>> on both machines, password is different.
>>>>> 
>>>>> Anybody have a clue?  I've read and read and Google'd and browsed till I'm
>>>>> blue in the face.
>>>>> Could this be a problem with (what is it...) "non-privileged ports"?
>>>>> 
>>>>> -- 
>>>>> Thanks,
>>>>> Charles 
>>>> 
>>>> 
>>>> I bet it's the firewall in FC4. Turn it off and see if nfs works. Then you
>>>> go from there. Besides the port 2049 (nfs) you need to have several other
>>>> ports open. The problem is those ports are not always the same, which is a
>>>> problem with the firewall.
>>> 
>>> Thank you all very kindly for the suggestions.
>>> The solution to the problem was the lack of the 'insecure' export option in
>>> /etc/exports:
>>> /home larry(rw,insecure,sync)
>>> 
>>> I discovered it by tailing /var/log/messages:
>>> Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from larry:982
>>> for /home (/home)
>>> Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port
>>> (192.168.254.3:50646)!
>>> 
>>> Everything works now.  Thanks again.
>>> Look for my new thread on discussing why questions to mailing lists and
>>> usenet groups don't get answered.
>> 
>> Strange, I don't have insecure in my /etc/exports on the nfs server:
>> 
>> /opt                           192.168.2.0/24(rw,sync)
>> /home                          192.168.2.0/24(rw,sync)
>> 
>> and it still works. And I'm all the more surprised knowing how the default
>> iptables rules are set on FC4. But maybe you already had the firewall set
>> up to allow nfs traffic and the auxiliary nfs services running on fixed
>> ports.
> 
> Did I mention that I turned iptables off?  Didn't even check the ruleset,
> just turned it off.
> Also made sure that selinux was disabled.

I don't think you did. Turning off the firewall is not a permanent
solution. Does it work if you turn it back on? 

> 
>> Reading the exports man page I see that the secure option is on by
>> default, which requires that nfs connections be made from ports < 1024.
>> Checking this with netstat on my nfs server I do see connections
>> originating on ports 800 and 799, so maybe that's the default behavior
>> of FC4 nfs clients. Or maybe I just got lucky.
>> 
>> Good to know about "insecure" though.
> 
> It may have something to do with the request coming from the Mac...?
> Maybe Mac's use insecure ports for nfs connections?  Haven't looked into
> making the Mac use a secure port for nfs.

Out of curiosity, can you do a 

netstat -tupan

on the FC4 nfs server while accessing the exported partition from the mac
and see what port it's coming from?






More information about the fedora-list mailing list