Loading...
Loading...
Attempt to mount an export returns a Permission-Denied error when using NFSv4 but succeeds when using NFSv3 or when using an NFS Alias. Client Example Here is an example of a client being denied access using NFSv4, while being allowed access using NFSv3, or using an NFS Alias. Mounting the full path with NFSv4 shows access denied:client@client-1:~ $ sudo mount -o vers=4 x.x.x.x:/ifs/narrow/wide /mnt/isi mount.nfs: access denied by server while mounting x.x.x.x:/ifs/narrow/wideMounting with NFSv3 suceeds:client@client-1:~ $ sudo mount -o vers=3 x.x.x.x:/ifs/narrow/wide /mnt/isi client@client-1:~ $ ls /mnt/isi wide.file client@client-1:~ $ sudo umount /mnt/isi Mounting as NFSv4 with an Alias succeeds: client@client-1:~ $ sudo mount -o vers=4 x.x.x.x:/wide /mnt/isi client@client-1:~ $ ls /mnt/isi wide.file And here is an example of a common permission set that would cause this issue as viewed from the cluster. cluster-1# ls -l /ifs | grep narrow drwx------ 3 root wheel 51 Jul 19 16:49 narrowcluster-1# ls -l /ifs/narrow | grep wide drwxrwxrwx 2 root wheel 27 Jul 19 16:37 wide Notice that on narrow everyone is missing execute permissions on /ifs/narrow
This issue stems from differences in NFSv3 vs NFSv4 mount handling and occurs with all Linux NFS servers when mounting using NFSv4. Unlike NFSv3, NFSv4 mounts walk the directory tree ( RFC7530 §7 ), performing LOOKUP, and READDIR for each segment. For example, mounting /ifs/narrow/wide requires execute permissions on /ifs and /ifs/narrow .
There are two possible solutions: Allowing Everyone the execute permission. The most secure fix is to grant the execute ( x ) permission on all directories in the path. This allows traversal, not listing or modification. NFS Alias If execute permissions are not desired, creating an NFS alias works around the requirement for execute on each directory in the path. See NFS Alias section in Dell PowerScale: OneFS NFS Design Considerations and Best Practices .
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.