#StackBounty: #linux #nfs #rhel6 Users unable to create files/directories on NFSv3 mount, but can modify

Bounty: 50

I’ve got two RHEL 6 servers, one is an NFS server (we’ll call it nfs-server, say its IP is 10.1.1.1), and the other is a generic client for all intents and purposes (we’ll call it nfs-client, say its IP is 10.0.0.1).

Both nfs-server and nfs-client are connected to the same centralised authentication system, so UIDs/GIDs are the same for a given user.

nfs-client is mounting an NFSv3 share from nfs-server:/shared_folder/cache to /shared_folder/cache.

The /shared_folder directory on nfs-server is in mode 755, owned by root:root, and the /shared_folder/cache directory is in mode 2775, owned by cache:cache (UID=20014, GID=20004).

I have a set of users who are all members of the cache group in LDAP, but they cannot create or delete anything in the /shared_folder/cache directory itself on nfs-client. However:

  • If a file already exists in /shared_folder/cache that has the correct permissions (writable by group cache), the users can modify the file, but not delete it (e.g. if /shared_folder/cache/testfile exists, and is writable by the cache group, the users can modify the contents of the file, but they cannot delete it)
  • If a subdirectory already exists in /shared_folder/cache that has the correct permissions (mode 2775, owned by cache:cache), the users can modify the directory as normal (e.g. if /shared_folder/cache/testdir/ exists in mode 2775 and owned by the cache group, the users can add/modify/delete files and directories in testdir, but cannot delete testdir itself)
  • If I log in as one of the users on nfs-server, all of a sudden I am able to create/modify/delete files and directories as normal within /shared_folder/cache

How can I fix this NFS mount? Diagnostic info is below the horizontal rule.


The output of id user1 on both nfs-server and nfs-client shows:

uid=8173(<username>) gid=8173(<username>) groups=20004(cache)

nfs-server has the following export configured in /etc/exports:

"/shared_folder/cache"        <nfs-client-IP>(rw)

The output of exportfs -v on nfs-server shows:

/shared_folder/cache
                   <nfs-client-IP>(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.