mtimc
Posts: 1
Joined: Thu Jul 12, 2012 4:25 pm

pxe / netboot challenges

Thu May 17, 2018 4:18 pm

I'm trying to get the pxe booting process working (http://bit.ly/2Iu1wp2). All seems fine, although I'm using a fedora nfs server - which means enabling nfs over udp. I'm not clear why the dhcp option 43 is required - it doesn't seem to be required.

However, thus far I've encountered a few niggles, most particularly:
- since nfs doesn't support extended attributes (I believe that's the cause), network related programs in particular do not work for ordinary users.

Thus on a pxe booted pi:
```
$> ping 8.8.8.8
ping: socket: Operation not permitted
$> getcap /bin/ping
Failed to get capabilities of file `/bin/ping' (Operation not supported)
```
Whereas on a pi booted from the 'same' SDCard image:
```
$> ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=61 time=24.4 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
$> getcap /bin/ping
/bin/ping = cap_net_raw+ep
```
Has anyone else encountered this, or is it a function of my setup?

asavah
Posts: 320
Joined: Thu Aug 14, 2014 12:49 am

Re: pxe / netboot challenges

Thu May 17, 2018 4:51 pm

Yep, this is known, there is no support for extended attributes (xattr) in NFS.

mfa298
Posts: 1126
Joined: Tue Apr 22, 2014 11:18 am

Re: pxe / netboot challenges

Fri May 18, 2018 9:29 am

mtimc wrote:
Thu May 17, 2018 4:18 pm
However, thus far I've encountered a few niggles, most particularly:
- since nfs doesn't support extended attributes (I believe that's the cause), network related programs in particular do not work for ordinary users.

Thus on a pxe booted pi:
```
$> ping 8.8.8.8
ping: socket: Operation not permitted
$> getcap /bin/ping
Failed to get capabilities of file `/bin/ping' (Operation not supported)
```
...
Has anyone else encountered this, or is it a function of my setup?

I suspect it's an issue with the setup of your NFS server. By default NFS will squash the root user so they'll appear as nobody instead of root. Certain tools (ping, sudo, su) require extra permissions so have the suid bit set, meaning they get run as the user that owns the program rather than the logged-in user.

Looking at my SD booted Pi.

```
pi@raspberrypi:~ $ ls -l /bin/ping
-rwsr-xr-x 1 root root 55720 Nov 10  2016 /bin/ping
pi@raspberrypi:~ $ getcap -v /bin/ping
/bin/ping
pi@raspberrypi:~ $ 
```
That shows the ownership you should see for /bin/ping - I suspect on your NFS mounted setup it's showing user nobody rather than user root.

With NFS4 there are actually two things that might affect what the users look like. The first is the root squashing (as above), the second is the id mapping service. This attempts to match user names on the client to usernames on the server rather than just working on UIDs. For the ID mapping service both the client and server need to think they're in the same domain.
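
Added example, not written by any poster in this thread: a Python diagnostic that tells apart the two explanations raised above, a missing `security.capability` xattr versus a setuid bit whose owner is not root, for a binary such as `/bin/ping`. The function names and the sample capability blob are constructed for illustration; it assumes Linux and Python 3.

```python
import errno
import os
import stat
import struct
import sys

CAP_NET_RAW = 13               # bit number from linux/capability.h
VFS_CAP_FLAGS_EFFECTIVE = 0x1  # the "e" in cap_net_raw+ep
# Constructed sample: revision-2 vfs_cap_data encoding cap_net_raw+ep.
SAMPLE_CAP_BLOB = struct.pack("<IIIII", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)

def read_file_caps(path):
    """Return ('present', blob), ('none', None) or ('unsupported', None)."""
    try:
        return "present", os.getxattr(path, "security.capability")
    except OSError as exc:
        if exc.errno == errno.ENODATA:
            return "none", None
        if exc.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
            return "unsupported", None  # what getcap reported on the NFS root
        raise

def has_effective_cap(blob, cap):
    """Decode vfs_cap_data (le32 magic_etc, le32 permitted, ...) for cap < 32."""
    if blob is None or len(blob) < 8:
        return False
    magic_etc, permitted_low = struct.unpack_from("<II", blob)
    return bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE and permitted_low >> cap & 1)

def diagnose(mode, uid, cap_state, blob=None):
    """Name the mechanism, if any, that lets an ordinary user run the binary."""
    if cap_state == "present" and has_effective_cap(blob, CAP_NET_RAW):
        return "file capability cap_net_raw+ep"
    if mode & stat.S_ISUID:
        return "setuid root" if uid == 0 else "setuid, but owner is uid %d" % uid
    if cap_state == "unsupported":
        return "no setuid bit; filesystem cannot store file capabilities"
    return "no setuid bit; no file capability set"

def probe(path):
    """Inspect a real file (Linux only) and classify it with diagnose()."""
    st = os.stat(path)
    state, blob = read_file_caps(path)
    return diagnose(st.st_mode, st.st_uid, state, blob)

if __name__ == "__main__":
    for target in sys.argv[1:] or ["/bin/ping"]:
        print(target, "->", probe(target))
```

Running it against `/bin/ping` on both the NFS-rooted and the SD-booted Pi shows which mechanism each image relies on.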
