在linux中,在一台IP为192.168.65.215的服务器上挂载nfs服务器的目录时报permission denied错。
错误信息如下所示:
[root@webdg1 ~]# mount -t nfs 192.168.15.56:/u02 /u02 mount: 192.168.15.56:/u02 failed, reason given by server: Permission denied
第一反应是nfs server的权限没配对或可能没授权此IP接入。但是去检查nfs server上配置情况是对15网段都是授权了的。
[root@htwebapp1 ~]# more /etc/exports /u02 192.168.15.*(rw)
这种配置是根据经验和网上很多文档介绍的案例来写的,并且一直以来都是运行都是正确的。这里也不是所有的15网段的服务器都不能挂载这个目录的。在本环境中,一个15网段的服务器就能挂载这个nfs服务器的目录。
(miki西游 @mikixiyou 原文链接: http://mikixiyou.iteye.com/blog/1731208 )
两者的区别在于出问题的服务器的网卡是双IP配置,而正常的服务器是单个IP配置。
那么,问题就可能是一个网卡多个IP导致的。
如果在nfs服务器上/etc/exports中,将需要挂载的服务器IP地址写死,如下所示:
[root@htwebapp1 ~]# more /etc/exports
/u02 192.168.15.215(rw)
这样就可以在215上挂载nfs服务器的u02目录了。
但需要挂载该目录的服务器有很多,是不能一一列出的。
因此这个方法不适用。
在nfs服务器上的/etc/hosts下也有挂载服务器15.215的主机名IP解析,根据网络上建议,将此条目注释掉,也能挂载。
这是另一种解决方法,但nfs服务器上hosts中是必须配置这个主机名IP解析条目的,此服务器上还有其他应用需要用到它。
因此,这个方法也不能采纳。
分析
我们猜测可能是NFS SERVER在 client请求挂载时解析 /etc/exports 时出错了。
我们并不很清楚NFS的原理,也没有能力去看它的源代码。但有一点,我们可以去看一下exports的帮助。
使用man exports一下,得到结果如下:
EXPORTS(5) Linux File Formats Manual EXPORTS(5) NAME exports - NFS file systems being exported (for Kernel based NFS) SYNOPSIS /etc/exports DESCRIPTION The file /etc/exports serves as the access control list for file systems which may be exported to NFS clients. It is used by exportfs(8) to give information to mountd(8) and to the kernel based NFS file server daemon nfsd(8). The file format is similar to the SunOS exports file. Each line contains an export point and a whitespace- separated list of clients allowed to mount the file system at that point. Each listed client may be imme- diately followed by a parenthesized, comma-separated list of export options for that client. No whitespace is permitted between a client and its option list. Blank lines are ignored. A pound sign ("#") introduces a comment to the end of the line. Entries may be continued across newlines using a backslash. If an export name contains spaces it should be quoted using double quotes. You can also specify spaces or other unusual character in the export name using a backslash followed by the character code as three octal digits. Machine Name Formats NFS clients may be specified in a number of ways: single host This is the most common format. You may specify a host either by an abbreviated name recognized be the resolver, the fully qualified domain name, or an IP address. netgroups NIS netgroups may be given as @group. Only the host part of each netgroup members is consider in checking for membership. Empty host parts or those containing a single dash (-) are ignored. wildcards Machine names may contain the wildcard characters * and ?. This can be used to make the exports file more compact; for instance, *.cs.foo.edu matches all hosts in the domain cs.foo.edu. As these characters also match the dots in a domain name, the given pattern will also match all hosts within any subdomain of cs.foo.edu. IP networks You can also export directories to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified in dotted-decimal format, or as a contiguous mask length (for example, either ??/255.255.252.0?ˉ or ??/22?ˉ appended to the network base address result in identical subnetworks with 10 bits of host). Wildcard characters generally do not work on IP addresses, though they may work by accident when reverse DNS lookups fail.
从帮助文档中看,机器名称格式只有四种,我们使用192.168.15.*(rw)中"*"做通配符,是第一种"single host"用法。
但它没有说可以使用"*",只是我们根据习惯和网上得到经验配置出来的。
这种需要给多个nfs client挂载的需求,是可以这样配置。在/etc/exports中写入/u02 192.168.15.0/255.255.255.0(rw)或/u02 192.168.15.0/24(rw)。
小结
通过帮助文档的分析和这个问题解决过程可以得到这样的结论,很多nfs服务器上exports的配置都是不规范的,只是通配符"*"碰巧能用而已。规范的配置应是192.168.15.0/24或192.168.15.0/255.255.255.0。