From: John Marshall
Organization: Riverwillow Pty Ltd
Date: Fri, 08 Feb 2013 12:22:10 +1100
To: Janusz Bulik
Cc: freebsd-stable@freebsd.org
Subject: Re: NFSv4 + Kerberos permission denied
Message-ID: <51145342.5090809@riverwillow.com.au>

On 08/02/2013 01:05, Janusz Bulik wrote:
> Hello,
> I've got a little problem with NFSv4 + Kerberos. I can do a mount with
> Kerberos with a valid ticket, but read-only.
> After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/
> I got "Permission denied" message when I try to mkdir or rm. As a root
> mount and as a user mount (sysctl vfs.usermounts=1).
> With -sec=sys it works read-write, but with -sec=krb5 read-only..

Am I right in supposing that you have never had this working?

What you describe sounds symptomatic of nfsuserd not running - see
nfsv4(4). sec=sys doesn't need nfsuserd to "work" but sec=krb5 does.
If you mount with sec=krb5 and "ls -l /mount_test/" do you see in the
listing the user and group names you expect, or just a bunch of numbers?

The read-only access is probably what the filesystem permissions allow
to "other" because, without nfsuserd, it can't map your kerberos
principal to a uid.

Of course, I could be wrong...

-- 
John Marshall
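
The check suggested in the reply above, as an added example that is not part of the original message: it counts entries in an `ls -l` listing whose owner or group column is a bare number, and tests whether nfsuserd is enabled in an rc.conf-style file. The function names and the sample listing are constructed for illustration, and /etc/rc.conf as the default path is an assumption (the setting may live in another rc.conf file on a given host).

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample data are hypothetical.

# Read `ls -l` output on stdin and print how many entries have an owner
# or group column that is purely numeric (no name mapping available).
count_numeric_owners() {
    awk 'NF >= 9 && $1 ~ /^[-dlbcps]/ {
             if ($3 ~ /^[0-9]+$/ || $4 ~ /^[0-9]+$/) n++
         }
         END { print n + 0 }'
}

# Succeed if nfsuserd_enable is set to a "yes" value in the given
# rc.conf-style file (default path is an assumption, see lead-in).
nfsuserd_enabled() {
    conf="${1:-/etc/rc.conf}"
    [ -r "$conf" ] || return 1
    grep -Eiq '^[[:space:]]*nfsuserd_enable="?(yes|true|on|1)"?' "$conf"
}

# Summarise a mounted directory: numeric owners hint at missing id mapping.
check_mount() {
    dir="$1"
    n=$(ls -l "$dir" | count_numeric_owners)
    if [ "$n" -gt 0 ]; then
        echo "$dir: $n entries with numeric owner/group"
        nfsuserd_enabled || echo "nfsuserd is not enabled in rc.conf"
    else
        echo "$dir: owner and group names resolve"
    fi
}

# Constructed sample of a listing with unmapped ids (two numeric entries).
SAMPLE_UNMAPPED='total 8
drwxr-xr-x  2 1001  1001  512 Feb  8 11:00 projects
-rw-r--r--  1 1001  20    120 Feb  8 11:01 notes.txt
-rw-r--r--  1 root  wheel  64 Feb  8 11:02 README'
```

Run `check_mount /mount_test` on the client after mounting with sec=krb5; a non-zero count matches the "bunch of numbers" symptom described in the reply.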