On 06/12/11 21:03 +0800, darkblue wrote: > 2011/12/6 Jan Kryl <[email protected]> > > > Hi, > > > > On 06/12/11 18:03 +0800, darkblue wrote: > > > I am going to share a dir and it's subdir through NFS to Virtual Host, > > > which include XEN(CentOS/netbsd) and ESXi,but failed, the following step > > is > > > what I did: > > > > > > solaris 11: > > > > > > > zfs create tank/iso > > > > zfs create tank/iso/linux > > > > zfs create tank/iso/windows > > > > > > > > share -F nfs -o rw,nosuid,root=VM-host1:VM-host2 /tank/iso > > > > chmod -R 777 /tank/iso > > > > > > > > > > centos: > > > > > > > mkdir /home/iso > > > > mount -t nfs -o rw,nosuid solaris11:/tank/iso /home/iso > > > > > > > > > > echo "newfile" > /home/iso/newfile.txt > > > success > > > > > > echo "newfile" > /home/iso/linux/newfile.txt > > > failed,and display: permission denied > > > > > > and the, check the dir on solaris11: > > > > > > > ls -al /tank/iso > > > > > > > > drwxrwxrwx 5 root root 8 Dec 5 13:04 . > > > > drwxr-xr-x 4 root root 4 Dec 2 22:45 .. > > > > drwxrwxrwx 2 root root 2 Dec 2 16:54 bsd > > > > drwxrwxrwx 2 root root 2 Dec 2 16:54 linux > > > > -rw-r--r-- 1 nobody nobody 8 Dec 5 12:57 newfile.txt > > > > drwxrwxrwx 2 root root 2 Dec 2 16:54 windows > > > > > > > > > > check the dir on CentOS: > > > > > > > ls -al /home/iso > > > > > > > > drwxr-xr-x+ 2 root root 2 Dec 2 16:54 bsd > > > > drwxr-xr-x+ 2 root root 2 Dec 2 16:54 linux > > > > -rw-r--r--+ 1 nfsnobody nfsnobody 8 Dec 5 12:57 > > newfile.txt > > > > drwxr-xr-x+ 2 root root 2 Dec 2 16:54 windows > > > > > > > > > > I got couple questions: > > > 1、why the owner of newfile.txt is nfsnobody on CentOS, and on solaris, > > it's > > > nobody? > > > > Check that NFSv4 domain is the same on both machines. NFSv4 > > doesn't use numerical IDs for users and groups. It uses a string > > form user@domain or group@domain, which is translated to appropriate > > numerical ID on the machine after the request/reponse is received. > > If the domains don't match than root@domain will not be recognized > > as root user. > > > > I didn't enable NFSv4 on solaris > > $ sharectl get nfs > servers=1024 > lockd_listen_backlog=32 > lockd_servers=1024 > lockd_retransmit_timeout=5 > grace_period=90 > server_versmin=3 > server_versmax=3 > client_versmin=3 > client_versmax=3 > server_delegation=on > nfsmapid_domain= > max_connections=-1 > protocol=ALL > listen_backlog=32 > device= > And are you sure that that when you try to resolve IP address on the server, you get either VM-host1 or VM-host2 hostname? Try "getent hosts <IP-addr>" on the server. Note that if you don't use NIS, but DNS for hostname resolution, you will need to specify FQDN in access list for root option.
> > 2、why the subdir do not have write access, how to accomplish it; > > > 3、what does "+" mean? > > > > This means that the file has non-trivial ACLs (at least on Solaris, > > I assume that the meaning on Linux is the same). Try to print ACLs > > on both systems and compare them (on solaris you can print ACLs > > by "/usr/bin/ls -v". > > > > I see that you shared only /tank/iso, you didn't share /tank/iso/linux > > filesystem, which could be the reason why you cannot access it. > > > this is the result of ls -v > ==== solaris 11 ==== > solaris11$ ls -v /tank/VMs > total 14 > -rw-r--r-- 1 root root 0 Dec 6 18:13 newfile > 0:owner@:read_data/write_data/append_data/read_xattr/write_xattr > /read_attributes/write_attributes/read_acl/write_acl/write_owner > /synchronize:allow > 1:group@ > :read_data/read_xattr/read_attributes/read_acl/synchronize:allow > 2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize > :allow > -rw-r--r-- 1 nobody nobody 8 Dec 5 12:52 newfile.txt > 0:owner@:read_data/write_data/append_data/read_xattr/write_xattr > /read_attributes/write_attributes/read_acl/write_acl/write_owner > /synchronize:allow > 1:group@ > :read_data/read_xattr/read_attributes/read_acl/synchronize:allow > 2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize > :allow > drwxrwxrwx 2 root root 2 Dec 2 16:55 oss-xen > 0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/read_acl/write_acl/write_owner > /synchronize:allow > 1:group@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/read_acl/synchronize:allow > 2:everyone@:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/execute > /delete_child/read_attributes/write_attributes/read_acl > /synchronize:allow > -rwxrwxrwx 1 root root 16 Dec 5 12:42 test.txt > 0:owner@ > :read_data/write_data/append_data/read_xattr/write_xattr/execute > /read_attributes/write_attributes/read_acl/write_acl/write_owner > /synchronize:allow > 1:group@ > :read_data/write_data/append_data/read_xattr/write_xattr/execute > /read_attributes/write_attributes/read_acl/synchronize:allow > 2:everyone@:read_data/write_data/append_data/read_xattr/write_xattr > /execute/read_attributes/write_attributes/read_acl/synchronize > :allow > drwxrwxrwx 2 root root 2 Dec 2 16:54 VMware > 0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/read_acl/write_acl/write_owner > /synchronize:allow > 1:group@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/read_acl/synchronize:allow > 2:everyone@:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/execute > /delete_child/read_attributes/write_attributes/read_acl > /synchronize:allow > drwxrwxrwx 2 root root 2 Dec 2 16:55 xensrv-xcp > 0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/read_acl/write_acl/write_owner > /synchronize:allow > 1:group@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/read_acl/synchronize:allow > 2:everyone@:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/execute > /delete_child/read_attributes/write_attributes/read_acl > /synchronize:allow > > this is the result of linux nfs client > ===== CentOS ====== > [chenr@XenSrv-2 ~]$ mount -t nfs -o vers=3,rw,nosuid 192.168.55.1:/tank/VMs > /tmp/VMs > mount: only root can do that > [chenr@XenSrv-2 ~]$ su - > Password: > [root@XenSrv-2 ~]# mount -t nfs -o vers=3,rw,nosuid 192.168.55.1:/tank/VMs > /tmp/VMs > [root@XenSrv-2 ~]# ls -al /tmp/VMs > total 17 > drwxrwxrwx 5 root root 8 Dec 6 18:13 . > drwxrwxrwt 13 root root 4096 Dec 6 20:46 .. > -rw-r--r--+ 1 root root 0 Dec 6 18:13 newfile > -rw-r--r--+ 1 nfsnobody nfsnobody 8 Dec 5 12:52 newfile.txt > drwxr-xr-x+ 2 root root 2 Dec 2 16:55 oss-xen > -rwxrwxrwx 1 root root 16 Dec 5 12:42 test.txt > drwxr-xr-x+ 2 root root 2 Dec 2 16:54 VMware > drwxr-xr-x+ 2 root root 2 Dec 2 16:55 xensrv-xcp > > do I have to shared all the zfs filesystem and it's sub-filesystem > individual? > such as: > share -F nfs -o xxx /tank/VMs > share -F nfs -o xxx /tank/VMs/linux > share -F nfs -o xxx /tank/VMs/windows > ... > > any possible to accomplish that by a single command, and inherit the parent > filesystem's access right? > For sharing ZFS filesystem it's possible to use zfs property sharenfs: zfs set sharenfs=on|opts <dataset> If you share the filesystem this way, then the sharenfs property will be perhaps inherited by subordinate filesystems. I say perhaps because AFAIK there is currently a bug in Solaris, which is related to inheriting sharenfs property. But you can give it a try and see if it works for you. cheers -jan > > > > 4、do I need to remount a share dir after changing the file access on > > > solaris(NFS server)? > > > > this shouldn't be necessary > > > > cheers > > -jan > > > thanks jan _______________________________________________ nfs-discuss mailing list [email protected]
