Sunday, 9 November 2014

More on NFS and Mac OS X and Linux

Following on from my earlier post: -


I discovered that, if I want to mount a NFS share for read/write operations from Mac OS X, I needed to ensure that the NFS server is set up to "enforce" the UID and GID of the owner of the target directory.

In my case, I was trying to write from Eclipse on the Mac to WebSphere Application Server on RHEL, where the WAS file-system ( /opt/IBM/WebSphere etc. ) is "owned" by the user wasadmin.

Thus, I needed to enforce the UID/GID by changing /etc/exports as follows: -

/opt/IBM/WebSphere/AppServer *(rw,all_squash,insecure,anonuid=500,anongid=500)

and then re-export the file-system: -

exportfs -a

and mount the directory from the Mac: -

mount bpm855.uk.ibm.com:/opt/IBM/WebSphere/AppServer ~/nfs/

Without this, I was seeing the following: -

rm: /Users/hayd/nfs/foobar: Permission denied

whenever I tried to write from OS X to RHEL.

In short, it's all because I am writing from the Mac as user hayd to RHEL where that user does NOT exist and, to make it worse, I'm trying to write to a file-system owned by a user, wasadmin, of which the Mac knows nothing.

Adding the anonuid and anongid parameters to the /etc/exports does the trick.

Final point - I also needed to include all_squash as per the above; the combination of that, with the anonuid and anongid were what did the trick ( as I'd already established that I needed insecure as per the previous NFS-related post )

No comments:

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...