Re: [lustre-discuss] getting "permission dendied" on mount when trying to use nodemaps for root squashing

Fri, 13 Feb 2026 05:32:48 -0800 

Hi,
Have you looked at the squash id's. I think they defaults to 99, but RHEL uses another id for the nobody user. 


A full list of parameters would make it easier to give input. If you 
could post this:


lctl get_param nodemap.default.*

Cheers,
Hans Henrik

On 09/02/2026 16.05, Kurt Strosahl via lustre-discuss wrote:

Good Morning,


   I'm trying to set up nodemaps on a new lustre file system. 
Presently when I turn on the nodemaps I get permission denied for 
servers in the default nodemap.



I've defined two custom nodemaps.  An AdminSystems nodemap (for 
servers that will need to perform actions as root, and a LustreServers 
nodemap (for the lustre servers themselves)



Every other client will be in the default map. (whose gid/uid/projid 
mappings we trust)


I set the following:
[root@scmds2501 ~]# lctl get_param nodemap.*.admin_nodemap
nodemap.AdminSystems.admin_nodemap=1
nodemap.LustreServers.admin_nodemap=1
Nodemap.default.admin_nodemap=0

[root@scmds2501 ~]# lctl get_param nodemap.*.trusted_nodemap
nodemap.AdminSystems.trusted_nodemap=1
nodemap.LustreServers.trusted_nodemap=1
Nodemap.default.trusted_nodemap=1


When I turn on the nodemap feature I get a permission denied when 
mounting on a client node that isn't in the Admin nodemap.



Interestingly, on a test client that was mounted before I turned on 
the nodemap I can write files as myself (into a directory that I 
established beforehand owned by me).



Our desired end state is an Admin nodemap we can add and remove 
systems to as needed that can take action as root, and all other 
lustre clients being able to access the file system, but having no 
root access.  The LustreServers nodemap is there to keep the lustre 
file servers themselves safe from any unexpected changes.


w/r,

Kurt J. Strosahl (he/him)
System Administrator: Lustre, HPC
Scientific Computing Group, Thomas Jefferson National Accelerator Facility


_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org

_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org






















					Reply via email to