Question

I have a CentOS VM setup for my dev environment and mount the web root on my Ubuntu box using NFS. That part works fine; however, all of the sub-directories are not writable. I can see their contents (read-only), but cannot add any new files into the sub-dirs. I can, however, write files into the parent directory of the mount point.

[root@dev ~]# cat /etc/exports
/var/www/html   192.168.122.1(rw,sync,no_root_squash,no_subtree_check)

From what I understand, since the NFS share is mounted with rw and no_root_squash, it should allow any user to write into those directories. Can someone shed some light on this? I'm perplexed, to say the least, and Google isn't being very helpful unfortunately.

When I view the permissions from the host machine, it says the files are owned by nobody:nogroup, but output from ls -hal on the VM shows that it is owned by the same username:group that I use on the host machine. Shouldn't PAM be kicking in and allowing my host user access to write?

At the end of the day, what I'm trying to achieve is that all current and any new sub-directories are read/writable by my IDE. Currently, only the parent dir/files are. Currently, I have to ssh into the host and create the files and/or make changes there. I'd rather not duplicate my work, and would truly prefer that the HTML dev environment be writable from any host that is allowed access per /etc/exports.

I look forward to hearing how others have overcome this. And, thank you for your time and insight in advance.

[tangent] Maybe I should finally get around to setting up Samba as a domain controller and just use that for authentication to all of my hosts. I'm pretty sure that would make this question null and void, but I haven't had the time to toy with that yet... Argh. [/tangent]


Solution

From what I understand, since the NFS share is mounted with rw and no_root_squash, it should allow any user to write into those directories.

This is wrong. Your files and directories still use the user/group/other read/write/execute pattern just like on a normal filesystem. It just means that NFS doesn't impose any ADDITIONAL restrictions.

If you're using NFS, you MUST keep your user and group ids synchronized between all machines, or you'll get things confused hopelessly. Internally, the operating system doesn't store user/group names, it stores their numerical ID. Commands like ls use /etc/passwd to map these ids to names.

So, if your first machine has a user named "adam" having UID 1000, and "bob" having UID 1001, and your second machine has "bob"'s id 1000 and "adam"'s id 1001, then the same file, having user ID 1000, will be shown as belonging to adam on the first machine and to bob on the second. This has nothing to do at all with PAM - PAM does just the authentication (if the user claims he's adam, and he gives password SeCrEt, we will assign uid 1000 to him).

Services like NIS, formerly named YP, and LDAP were made to solve exactly that problem - keep databases synchronized for several hosts. (This is where I lied when I said ls looks up user names in /etc/passwd - it checks /etc/passwd, NIS, LDAP, and others, depending on /etc/nsswitch.conf.)

To get things right, check your user ids in /etc/passwd on both machines. Use ls -ln to show the numerical IDs instead of the names, and if the NUMERICAL ids differ, nfs is doing strange things. Make sure you use the same user id for the same user name on all machines, and your NFS will work just like it should.
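The check the answer describes, carried out on sample data as an added example (this is not code from the original post or from either host). The two /etc/passwd excerpts are constructed to reproduce the swapped-UID situation from the answer; on real machines you would compare the actual /etc/passwd files, or simply run ls -ln on the same directory on both sides and compare the numbers:

```shell
#!/bin/sh
# Added example: compare the numeric UID that two hosts assign to the same
# user name, which is the mismatch the answer above says breaks NFS access.
# Both passwd excerpts below are constructed sample data, not real files.

# Constructed /etc/passwd excerpt from the NFS server (the CentOS VM).
SERVER_PASSWD='root:x:0:0:root:/root:/bin/bash
adam:x:1000:1000:Adam:/home/adam:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin'

# Constructed /etc/passwd excerpt from the NFS client (the Ubuntu box), where
# the two human users were created in the opposite order, so their UIDs swap.
CLIENT_PASSWD='root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob:/home/bob:/bin/bash
adam:x:1001:1001:Adam:/home/adam:/bin/bash'

# uid_of NAME PASSWD_TEXT -> prints the numeric UID for NAME, nothing if absent.
uid_of() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $3; exit }'
}

# uid_mismatches SERVER_TEXT CLIENT_TEXT
# Prints one line per user name that exists on both hosts with different UIDs:
#   NAME SERVER_UID CLIENT_UID
# Names present on only one host are skipped: they cannot be confused with
# another user, but files they own show up as a bare number on the other host.
uid_mismatches() {
    printf '%s\n' "$1" | awk -F: '{ print $1 }' | while IFS= read -r name; do
        s=$(uid_of "$name" "$1")
        c=$(uid_of "$name" "$2")
        [ -n "$c" ] || continue
        [ "$s" = "$c" ] || printf '%s %s %s\n' "$name" "$s" "$c"
    done
}

# owner_seen_as UID PASSWD_TEXT -> how `ls -l` on that host labels a file
# owned by UID: the matching name, or the bare number when no name matches
# (this is the name-vs-number lookup the answer describes; `ls -ln` skips it).
owner_seen_as() {
    n=$(printf '%s\n' "$2" | awk -F: -v id="$1" '$3 == id { print $1; exit }')
    if [ -n "$n" ]; then printf '%s\n' "$n"; else printf '%s\n' "$1"; fi
}

# Stand-alone usage: list the clashes, then show how a file created by the
# server's "adam" (UID 1000) is labelled on each side of the NFS mount.
uid_mismatches "$SERVER_PASSWD" "$CLIENT_PASSWD"
echo "server labels UID 1000 as: $(owner_seen_as 1000 "$SERVER_PASSWD")"
echo "client labels UID 1000 as: $(owner_seen_as 1000 "$CLIENT_PASSWD")"
```

With the constructed data the script reports adam (1000 on the server, 1001 on the client) and bob (1001 vs 1000), and a file owned by UID 1000 is labelled "adam" on the server but "bob" on the client, which is exactly why the client user cannot write into directories that appear, by name, to be theirs. The fix is the one the answer gives: make the numeric IDs for each user name agree on both machines.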

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow