Find it

Thursday, November 26, 2009

rsync over NFS, issue with permission

We use rsync over NFS to migrate data from one machine to another. We accomplish this by mounting filesystems of the source machine which needs to be migrated to new one, that is target server. On source machine we have entries for filesystems in dfstab file which needs to share & we mount those on target machine like /mnt/nilesh_rjoshi etc etc.. & later we use rsync to copy over them from source to destination server.

# rsync -axP /mnt/nilesh_rjoshi /nilesh_rjoshi

While performing rsync I got errors like -
rsync: send_files failed to open…Permission denied (13)
& at the end of rsync
rsync error: some files could not be transferred (code 23) at main.c(977) [sender=2.6.9]


The problem was NFS share options was not set properly. we need to use NFS option anon.

share -F nfs -o ro=@xx.xx.xx.xx/xx,anon=0 /nilesh_rjoshi/

what anon=uid do?

If a request comes from an unknown user, use uid as the effective user ID.

Note: Root users (uid 0) are always considered ``unknown'' by the NFS server unless they are included in the root option below.

The default value for this option is 65534. Setting anon to 65535 disables anonymous access.

Also if you put value like -1 then disables anonymous access. So if you set anon to -1 it prevents access to root on clients (unless specified using the root option in /etc/exports or dfstab in case of Solaris) and also prevents access to users not defined on the server.

Thanks for solution to My UNIX Guru Alex!
Posted by Nilesh Joshi at 11/26/2009 12:10:00 AM

4 comments:

  1. AnonymousAugust 16, 2011 at 8:40:00 PM GMT+5:30

    Hi, where did you apply that "anon=0" option?

    On the server machine running nfsd, or on fstab of the client?

    I have tried adding anon=0 to /etc/exports on the server - that gives me an error when restarting nfsd, and i have also tried putting anon=0 in the fstab options on the client, again with an error. both errors are along the lines of "anon=0 not recognized". I would appreciate your reply, thanks!

    ReplyDelete
  2. AnonymousAugust 17, 2011 at 7:37:00 PM GMT+5:30

    Hi Milos, please try to use anonuid=0 (user root) or anongid=0 (group root).

    Best Regards.
    Fabio Monteiro

    ReplyDelete
  3. AnonymousAugust 17, 2011 at 7:45:00 PM GMT+5:30

    # sample /etc/exports file
    / master(rw) trusty(rw,no_root_squash)
    /projects proj*.local.domain(rw)
    /usr *.local.domain(ro) @trusted(rw)
    /home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
    /pub (ro,insecure,all_squash)
    /etc 192.168.0.0/24(ro,sync,no_subtree_check,no_wdelay,no_root_squash)
    /srv/www -sync,rw server @trusted @external(ro)

    ReplyDelete
  4. Nilesh JoshiAugust 17, 2011 at 10:56:00 PM GMT+5:30

    Either use "anonuid" or "anongid" under /etc/exports or simply you can use "anon" in the command as shown in below example.

    e.g.

    # share -F nfs -o ro=@xx.xx.xx.xx/24,anon=0 /home

    Thanks/Nilesh

    ReplyDelete

Subscribe to: Post Comments (Atom)