KRB5 NFS Mount only accessible by root

Kernels & Hardware, configuring network, installing services

KRB5 NFS Mount only accessible by root

Postby foobarry » 2019-08-02 16:06

Hi,

I have a NFS share which I am mounting on Debian 10 (buster) as follows in the fstab:

Code: Select all
foo.example.com:/srv/share/foo /mnt/foo nfs4 defaults,sec=krb5p,noexec,nosuid,_netdev,auto 0 0


On the server, exports reads as follows:
Code: Select all
/srv/share/backups/foo foo.example.com(rw,sync,sec=krb5p,all_squash,subtree_check,anonuid=473,anongid=474)


The NFS share mounts perfectly on the Debian client.
Root can read/write/delete from the share perfectly.

But a "standard" user can't do anything, e.g.

Code: Select all
/mnt$ ls
ls: cannot access 'foo': Permission denied


The purpose of this share is to, for example, allow system services running as lesser users to save files. Therefore non-root access is key.

Where am I going wrong ?

Thanks !
foobarry
 
Posts: 1
Joined: 2019-08-02 15:56

Re: KRB5 NFS Mount only accessible by root

Postby ruwolf » 2019-08-07 06:43

Does Wiki not help you?
wiki.debian.org: NFS/Kerberos

Note:
ServerFault.com: NFS Access restrictions using kerberos wrote:The client must have a valid ticket, usually obtained by pam_sss, pam_krb5, ssh -K, kinit, or k5start.
The server and the client must both resolve the same kerberos principals to the same usernames.
User avatar
ruwolf
 
Posts: 392
Joined: 2008-02-18 05:04
Location: Slovakia, Banovce nad Bebravou, Matice slovenskej 1260/4-7


Return to System configuration

Who is online

Users browsing this forum: No registered users and 10 guests

fashionable