NFS-mount “Permission denied” error

NFS is a relatively uncomplicated functionality of any Unix system. However, from time to time you are bound to run in the “permission denied” error while trying to NFS-mount a filesystem. Everything seems to be shared correctly and, yet, the “permission denied” error persists. Here are a few things you may want to do to resolve the problem.

First, the correct syntax for sharing and mounting filesystems. Solaris 8 is used in this example.

You can create a one-time share and one-time mount for temporary use. These will go away after either the source or the client machine is rebooted. Alternatively, you can created a share that will be re-shared or re-mounted at boot time. The simple syntax for a one-time NFS mount is as follows.

Let’s say you want to mount /var/log from server1 to server2 and server3 in read/write mode with root-level access. This means that once /var/log is NFS-mounted on server2 and server3, the root user on these systems will have full access to this filesystem (see diagram below).

NFS diagram

1) On the system FROM which you are exporting the filesystem (server1 in this example) you need to make sure the NFS server is running:

ps -ef | grep nfsd

You should see something like this:

daemon   365     1   0   Dec 12 ?           0:55 /usr/lib/nfs/nfsd

If you have no NFS shares on this system, it is possible that the nfsd daemon is not started at boot time. In this case you will need to start it manually:

/etc/init.d/nfs.server start

On Solaris 8 or 9 system you need to see nfsd, lockd, and statd running. If any of them are missing, make sure you have at least one NFS share in /etc/dfs/dfstab and restart the NFS server:

/etc/rc2.d/k28nfs.server stop
/etc/rc2.d/k28nfs.server start

2) Now run the share command for the particular filesystem you want to export:

share -F nfs -o rw=server2:server3,root=server2:server3 /var/log

3) To check which filesystems you have exported, run the following command:

exportfs

The output would look like this:

server1 - 10:29:42 /etc:[626] exportfs
- /var/log root=server2:server3,rw=server2:server3 ""

4) On the system(s) on which you are MOUNTING the NFS filesystem (serve2, server3 in this example) you will need to create a mount point:

mkdir /server1_var_log

5) Now start the NFS client if it is not already running:

/etc/init.d/nfs.client start

6) Finally, run the mount command:

mount -F nfs server1:/var/log /server1_var_log

To create a permanent NFS mount which will be automatically shared/mounted every time either the server or the client reboots, you will need to edit two files.

1) On the source server (server1) edit the /etc/dfs/dfstab file to include the following entry:

share -F nfs -o rw=server2:server3,root=server2:server3 /var/log

2) On the source server run:

shareall

To check what’s being shared, run exportfs or look inside the /etc/dfs/dfstab file.

3) On the client server(s) (server2 and server3) edit the /etc/vfstab file to include the following entry:

server1:/var/log    -       /server1_var_log        nfs     -       yes     -

4) On the client server(s) run:

mountall

To check what’s being mounted, do df -k | grep server1

If you did everything correctly, you will have a new NFS mount. However, sometimes you may get the “Permission denied” error. To resolve it try the following:

1) Use the fully-qualified DNS names of the source and client machines. This means that every instance of server1, server2, and server3 in the examples above needs to be replaced with server1.domain.com, server2.domain.com, and server3.domain.com, correspondingly. If this helps, take a look at the /etc/nsswitch.conf on the NFS server. For systems using both DNS and NIS for hostname resolution, the “hosts” line of nsswitch.conf should look like this:

hosts    files    nis    dns    [NOTFOUND=return]

Make this change and see if that allows you to export NFS shares without having to use fully-qualified hostnames of clients.

2) If this does not help, try to export a filesystem in a more general fashion:

share -F nfs /var/log

or you can try this:

share -F nfs -o root=server2.domain.com:server3.domain.com /var/log