NFS cannot chown target file (from remote)

[ni_hao]

Running stretch at my pi3: Linux raspberrypi 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l GNU/Linux.
I setup nfs server, which is running. However when I tried to copy files from all remote nfs clients to my usb disk, I always get the msg: "cannot chown target file. Operation not permitted". (Of course I can local write to the usb disk)

I tried it from a system where the pi3 nfs server is mounted in fstab by using systemd and also
I tried it from an Ubuntu system where the pi3 nfs server is mounted via the CLI (putty/ssh).

At pi3 I have:

- dirs/files at usb disk are: root,root
- in fstab the usb disk mounted as:

Code: Select all

UUID=536507a4-ce85-43d7-aa30-6814a0b7172a /media/net/disk1 ext4 defaults,noatime 0 1

- in exports:

Code: Select all

/media/net/disk1 *(rw,all_squash,sync,no_subtree_check,insecure)

I also tried it with adding "no_root_squash


At remote nfs client:
- in fstab (where pi1 maps to the ip of my pi3):

Code: Select all

pi1:/media/net/disk1 /media/net/RPi_1 nfs x-systemd.automount,user,noauto,retry=0,x-systemd.idle-timeout=60,nolock,rw,timeo=2,retrans=1,x-systemd.device-timeout=2,soft,nofail 0 0

Here I have more nfs servers through systemd defined and they are all working good.
Also tried with nfs4 as filesystem type
Mount output is:

Code: Select all

systemd-1 on /media/net/NAS2 type autofs (rw,relatime,fd=59,pgrp=1,timeout=60,minproto=5,maxproto=5,direct)
systemd-1 on /media/net/RPi_1 type autofs (rw,relatime,fd=59,pgrp=1,timeout=60,minproto=5,maxproto=5,direct)

At another nfs client (my ubuntu server):
- I used:

Code: Select all

mount -t nfs pi1:/media/net/disk1 /media/net/RPi_1

and also tried it with nfs4

What did I wrong?

[mfa298]

...
I setup nfs server, which is running. However when I tried to copy files from all remote nfs clients to my usb disk, I always get the msg: "cannot chown target file. Operation not permitted". (Of course I can local write to the usb disk)
...
- in exports:

Code: Select all

/media/net/disk1 *(rw,all_squash,sync,no_subtree_check,insecure)

I also tried it with adding "no_root_squash
...
What did I wrong?

From memory, all_squash will mean the nfs mount treats any client side user as the nobody user (on the server) (so on the server everything would appear to be owned by nobody). The default is that uids (in nfs3) or users/uids (in nfs4) would get passed over the mount except for the root user (which would normally be changed to nobody on the server). no_root_squash would mean the root user is also mathced over the mount. This is a basic security measure that protects against a few ways be a could be abused.

In nfs3 users are matched by uid (a number) rather than name, on the pi, the pi user is normally uid 1000, by default on most other Linux distros the user you create during install is uid 1000. So with the pi as an nfs server, if you create a file from a pc new client it might show with one username on the client and as the pi user on the server.

Nfs4 can also try to match users by username, this can require some extra services, and the devices all need to appear in the same domain, if that's not the case it will normally map users to the nobody user on the server side. On raspbian Jessie I think this required the keyutils package to be installed (I don't think it was installed by default).