[SOLVED] Is it possible to mount NFS share with root_squash?
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 1 of 1

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    277

    Question Is it possible to mount NFS share with root_squash?

    I've noticed that in order to mount an NFSv4 share (via /etc/fstab), I always seem to require no_root_squash set on the export. To my understanding, no_root_squash means that a user on the client machine that is logged in as root will also have root access on the server as well, which sounds like a security problem.

    However, I cannot for the life of me mount an NFS export that has 'root_squash' set. I always get the following:

    Code:
    mount.nfs4: access denied by server while mounting xxxx
    So is there something else I need to set? Or is the only solution to use no_root_squash all the time?




    [EDIT: SOLVED!]

    Finally worked out the problem. I was originally trying to mount a folder in my home directory (/home/user/share) but apparently this isn't the right way to do it. Of course, if you did want to do it, it seems the only way is to use specify no_root_squash (if using NFSv4) or use NFSv3. I prefer v4 to v3 since that means I don't need to punch holes in firewalld and use rpcbind, mountd, etc. which are security risks.

    The proper way to do it in NFSv4 is to mount the share folder into a root folder location using bind on the server. I mounted it /export/share using the following in /etc/fstab

    /home/user/share /export/share none bind 0 0

    Then in your /etc/exports, specify the /export/share and now you can specify root_squash. It mounts perfectly on the client now! And the great thing about NFSv4 is there is no need to use rpcbind, mountd, statd, etc. etc. and no need to open ports on the firewalld (apart from the nfs port 2049).
    Last edited by QuantumKnot; 17th April 2018 at 03:09 AM. Reason: Solved, so posted my solution for benefit of others.
    QuantumKnot - originator of the "Verne" release name (possibly the last 'normal' release name) :)

Similar Threads

  1. Replies: 7
    Last Post: 28th November 2012, 11:34 PM
  2. mount windows share to share it
    By Dors in forum Using Fedora
    Replies: 3
    Last Post: 21st August 2008, 02:04 AM
  3. trying to mount NFS share but...
    By nothing in forum Servers & Networking
    Replies: 2
    Last Post: 10th October 2007, 12:29 AM
  4. trying to mount Windows share with mount -t cifs
    By worldttle in forum Servers & Networking
    Replies: 1
    Last Post: 11th March 2007, 05:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •