Re: NFS client trying to mount z/OS datasets, failure without obvious cause

Thu, 15 Apr 2010 15:49:57 -0700 

Hi,

(z/OS speak follows)
The exports are:

#                                                                         
#  allow host sydvs002 to bypass SAF checking for HLQ 'sm0504.pds'        
# sm0504<pds,hosts=134.251.195.32,nosaf> -access=134.251.195.32<root>,ro  
#                                                                         
#  no SAF checking for HLQ 'sm0504'                                       
sm0504<nosaf> -rw=134.251.195.32<root>,access=134.251.195.32              
#                                                                         

The mount's OK from z/OS:

08.43.46 D02 SYSVUSER  +GSVX014I (VTAM.SM0504) SM0504 entered command MVS f 
mvsnfs,list=mounts
08.43.47 D02 MVSNFS    GFSA910I  (MVSNFS  ) SM0504 ACTIVE = 1 : 
SYDVS002.AU.EDS.COM           
08.43.47 D02 MVSNFS    GFSA782I  (MVSNFS  ) NO ACTIVE Z/OS UNIX MOUNT POINTS.   
              

And from SLES11:

pe...@sydvs002:~> mount
..snippage..
134.251.195.60:/SM0504 on /home/peter/test/temp type nfs 
(rw,users,noexec,nosuid,nodev,addr=134.251.195.60,nfsvers=3,proto=tcp,mountproto=udp)
pe...@sydvs002:~>

What is "squashing"?  My Google link is down at the moment...

Thanks
Peter

Peter Bishop
HP Enterprise Services APJ Mainframe Portfolio & Engineering  
+61 2 9012 5147 office | +61 2 9012 6620 fax | peter.bis...@hp.com
36-46 George St | Burwood | NSW 2134 Australia


-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Neale 
Ferguson
Sent: Thursday, 15 April 2010 10:07 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: NFS client trying to mount z/OS datasets, failure without obvious 
cause

What do the export options look like on the z/OS side? Is it root squashing?

-----Original Message-----
From: Bishop, Peter (APJ Mainframe Portf & Eng) <peter.bis...@hp.com>
Sent: Thursday, April 15, 2010 2:31 AM
To: LINUX-390@VM.MARIST.EDU <LINUX-390@VM.MARIST.EDU>
Subject: [LINUX-390] NFS client trying to mount z/OS datasets, failure without 
obvious cause


Hi List,

I'm trying to get a SLES11 guest to mount an NFS share from a z/OS NFS server.

All appears to work with the mount, i.e. it proceeds without obvious error, but 
when I try to change to the mounted directory I get "permission denied", even 
when I'm root which I was quite surprised by.

I've checked seemingly obvious places and can't see what I'm sure is a simple 
error:  /var/log/messages, /var/log/firewall, /var/log/warn /var/log/xinetd.log 
all show nothing relevant.

The only thing I found which looks at all relevant is this from the 
/var/log/audit/audit.log file:

type=APPARMOR_DENIED msg=audit(1271311031.300:8010): operation="file_mmap" 
requested_mask="mr::" denied_mask="m::" fsuid=0 name="/etc/passwd" pid=1680 
parent=1 profile="/usr/sbin/nscd"

When I googled for 'profile="/usr/sbin/nscd"' I found something that I'm not 
sure is relevant, relating to an old AppArmor bug from 2008 
(https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/144383).

I've got a problem open with IBM assuming it was a server bug, but they're 
pretty sure from the CTRACE I did for them that the server is fine and it's at 
the client end.

My mvslogin command fails - I'm guessing a firewall issue but before I go and 
hassle the comms team (with all the overhead of that) I thought I'd make sure 
the NFS request was actually leaving the client OK, hence the question about 
the AppArmor thing (I'm not sure what that is).  It made no difference when I 
disabled AppArmor anyway, so I'm guessing it's a firewall thing.

There were 5 additional lines like the logged one above added after I did an 
mvslogin with AppArmor going and none added when it was disabled - both times 
the permissions were still denied when I tried to access the share.

Thanks for any light anyone can shed...I suppose firewalls would routinely 
block NFS traffic unless it were specifically requested beforehand.

Best regards
Peter
Peter Bishop
HP Enterprise Services APJ Mainframe Portfolio & Engineering
+61 2 9012 5147 office | +61 2 9012 6620 fax | 
peter.bis...@hp.com<mailto:peter.bis...@hp.com>
36-46 George St | Burwood | NSW 2134 Australia


----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to