Hi,

(z/OS speak follows) The exports are:

#
# allow host sydvs002 to bypass SAF checking for HLQ 'sm0504.pds'
#
sm0504<pds,hosts=134.251.195.32,nosaf> -access=134.251.195.32<root>,ro
#
# no SAF checking for HLQ 'sm0504'
sm0504<nosaf> -rw=134.251.195.32<root>,access=134.251.195.32
#

The mount's OK from z/OS:

08.43.46 D02 SYSVUSER +GSVX014I (VTAM.SM0504) SM0504 entered command MVS f mvsnfs,list=mounts
08.43.47 D02 MVSNFS GFSA910I (MVSNFS ) SM0504 ACTIVE = 1 : SYDVS002.AU.EDS.COM
08.43.47 D02 MVSNFS GFSA782I (MVSNFS ) NO ACTIVE Z/OS UNIX MOUNT POINTS.

And from SLES11:

pe...@sydvs002:~> mount
..snippage..
134.251.195.60:/SM0504 on /home/peter/test/temp type nfs (rw,users,noexec,nosuid,nodev,addr=134.251.195.60,nfsvers=3,proto=tcp,mountproto=udp)
pe...@sydvs002:~>

What is "squashing"? My Google link is down at the moment...

Thanks
Peter

Peter Bishop
HP Enterprise Services
APJ Mainframe Portfolio & Engineering
+61 2 9012 5147 office | +61 2 9012 6620 fax | peter.bis...@hp.com
36-46 George St | Burwood | NSW 2134 Australia

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Neale Ferguson
Sent: Thursday, 15 April 2010 10:07 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: NFS client trying to mount z/OS datasets, failure without obvious cause

What do the export options look like on the z/OS side? Is it root squashing?

-----Original Message-----
From: Bishop, Peter (APJ Mainframe Portf & Eng) <peter.bis...@hp.com>
Sent: Thursday, April 15, 2010 2:31 AM
To: LINUX-390@VM.MARIST.EDU <LINUX-390@VM.MARIST.EDU>
Subject: [LINUX-390] NFS client trying to mount z/OS datasets, failure without obvious cause

Hi List,

I'm trying to get a SLES11 guest to mount an NFS share from a z/OS NFS server. All appears to work with the mount, i.e. it proceeds without obvious error, but when I try to change to the mounted directory I get "permission denied", even when I'm root, which I was quite surprised by.

I've checked seemingly obvious places and can't see what I'm sure is a simple error: /var/log/messages, /var/log/firewall, /var/log/warn, /var/log/xinetd.log all show nothing relevant. The only thing I found which looks at all relevant is this from the /var/log/audit/audit.log file:

type=APPARMOR_DENIED msg=audit(1271311031.300:8010): operation="file_mmap" requested_mask="mr::" denied_mask="m::" fsuid=0 name="/etc/passwd" pid=1680 parent=1 profile="/usr/sbin/nscd"

When I googled for 'profile="/usr/sbin/nscd"' I found something that I'm not sure is relevant, relating to an old AppArmor bug from 2008 (https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/144383).

I've got a problem open with IBM assuming it was a server bug, but they're pretty sure from the CTRACE I did for them that the server is fine and it's at the client end.

My mvslogin command fails - I'm guessing a firewall issue, but before I go and hassle the comms team (with all the overhead of that) I thought I'd make sure the NFS request was actually leaving the client OK, hence the question about the AppArmor thing (I'm not sure what that is). It made no difference when I disabled AppArmor anyway, so I'm guessing it's a firewall thing. There were 5 additional lines like the logged one above added after I did an mvslogin with AppArmor going and none added when it was disabled - both times the permissions were still denied when I tried to access the share.

Thanks for any light anyone can shed... I suppose firewalls would routinely block NFS traffic unless it were specifically requested beforehand.

Best regards
Peter

Peter Bishop
HP Enterprise Services
APJ Mainframe Portfolio & Engineering
+61 2 9012 5147 office | +61 2 9012 6620 fax | peter.bis...@hp.com
36-46 George St | Burwood | NSW 2134 Australia

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
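
An added example, not part of the original posts: a small parser for the AppArmor audit record quoted in the thread, which reports for each denial whether the denied path lies under the NFS mount point. The second sample record, its profile name, and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# First record: quoted in the post. Second record: constructed for contrast
# (hypothetical profile, denial on the mount point named in the post).
SAMPLE = '''type=APPARMOR_DENIED msg=audit(1271311031.300:8010): operation="file_mmap" requested_mask="mr::" denied_mask="m::" fsuid=0 name="/etc/passwd" pid=1680 parent=1 profile="/usr/sbin/nscd"
type=APPARMOR_DENIED msg=audit(1271311040.100:8011): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/home/peter/test/temp/" pid=1700 parent=1 profile="/bin/example"
'''

# type=<TYPE> msg=audit(<epoch>.<millis>:<serial>):
HEADER = re.compile(r'type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):')
# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_record(line):
    """Parse one audit.log line into a dict; return None if it is not one."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {
        "type": m.group(1),
        "time": datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc),
        "serial": int(m.group(4)),
    }
    for key, raw, quoted in FIELD.findall(line[m.end():]):
        rec[key] = quoted if raw.startswith('"') else raw
    return rec


def touches_mount(rec, mount_point):
    """True when the denied path is the mount point or lies beneath it."""
    path = rec.get("name", "").rstrip("/")
    root = mount_point.rstrip("/")
    return path == root or path.startswith(root + "/")


def triage(text, mount_point):
    """Return (profile, path, denied_mask, under_mount) per AppArmor denial."""
    recs = [parse_record(line) for line in text.splitlines()]
    return [(r.get("profile"), r.get("name"), r.get("denied_mask"),
             touches_mount(r, mount_point))
            for r in recs if r and r["type"] == "APPARMOR_DENIED"]


if __name__ == "__main__":
    for row in triage(SAMPLE, "/home/peter/test/temp"):
        print(row)
```
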