irods / irods_client_nfsrods

An nfs4j Virtual File System implementation supporting the iRODS Data Grid
BSD 3-Clause "New" or "Revised" License

user permission issue #209

Open bbcairway opened 3 weeks ago

bbcairway commented 3 weeks ago

On the client, some things work. For example:

    sudo mount -t nfs -o vers=4.1,sec=sys,port=2050 192.168.0.170:/home/user1 /mnt/nfs_shared

is correct, but

    sudo mount -t nfs -o vers=4.1,sec=sys,port=2050 192.168.0.170:/ /mnt/nfs_shared

succeeds. How should I limit the use of the directories / and /home for the client?

The nfs server config is

    "nfs_server": {
        "port": 2050,
        "irods_mount_point": "/tempZone",
        "user_information_refresh_time_in_milliseconds": 3600000,
        "file_information_refresh_time_in_milliseconds": 1000,
        "user_access_refresh_time_in_milliseconds": 1000,
        "object_type_refresh_time_in_milliseconds": 300000,
        "user_permissions_refresh_time_in_milliseconds": 300000,
        "user_type_refresh_time_in_milliseconds": 300000,
        "list_operation_query_results_refresh_time_in_milliseconds": 30000,
        "allow_overwrite_of_existing_files": true,
        "using_oracle_database": false
    },

The nfs server exports file is:

    /home/user1 *(rw)

korydraughn commented 2 weeks ago

One thing that stands out is that the line in the exports file does not contain acl. NFSRODS requires that option always be set.

Is that export entry defined in the NFSRODS-specific exports file?

I've confirmed the following configurations work as intended.

Case 1

    # file: exports
    / *(rw,acl,sec=sys,no_root_squash)

    sudo mount -o port=2050 localhost:/home/kory /mnt/nfsrods

Case 2

    # file: exports
    /home/kory *(rw,acl,sec=sys,no_root_squash)

    sudo mount -o port=2050 localhost:/home/kory /mnt/nfsrods

Given you mention there's a permission issue, I think all you need to do is make sure the acl option is defined for each export entry.
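
An added example, not part of the original thread or of the NFSRODS code base: a small Python check that parses exports-style lines in the `path client(options)` form shown above and reports every export entry that lacks the `acl` option. The function names, the parsing rules for bare clients, and the sample input are assumptions constructed for illustration.

```python
import re

# One client token: "*(rw,acl)", "192.168.0.0/24(ro)", or a bare client with no options.
TOKEN_RE = re.compile(r"(?P<client>[^()]*)(?:\((?P<opts>[^)]*)\))?")


def parse_exports(text):
    """Yield (lineno, path, client, options) for every client on every export line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *rest = line.split(None, 1)
        tokens = rest[0].split() if rest else []
        for token in tokens:
            m = TOKEN_RE.fullmatch(token)
            if m is None:
                # Malformed token: keep it visible and treat it as having no options.
                yield lineno, path, token, []
                continue
            opts = [o.strip() for o in (m.group("opts") or "").split(",") if o.strip()]
            yield lineno, path, m.group("client"), opts


def entries_missing_acl(text):
    """Return (lineno, path, client) for each export entry without the acl option."""
    return [
        (lineno, path, client)
        for lineno, path, client, opts in parse_exports(text)
        if "acl" not in opts
    ]


# Constructed sample: the first two entries mirror lines quoted in this thread,
# the last line is made up to show several clients on one export.
SAMPLE = """\
# file: exports (constructed sample)
/home/user1 *(rw)
/home/kory *(rw,acl,sec=sys,no_root_squash)
/ 192.168.0.0/24(ro,acl) *(rw)
"""

if __name__ == "__main__":
    for lineno, path, client in entries_missing_acl(SAMPLE):
        print(f"line {lineno}: export {path} for client {client!r} lacks 'acl'")
```
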