Asset ID: |
1-75-1439378.1 |
Update Date: | 2012-07-09 |
Keywords: | |
Solution Type
Troubleshooting Sure
Solution
1439378.1
:
Sun Storage 7000 Unified Storage System: How to Troubleshoot UNIX/NFS file and directory permission issues
Related Items |
- Sun Storage 7410 Unified Storage System
- Sun Storage 7310 Unified Storage System
- Sun ZFS Storage 7120
- Sun ZFS Storage 7420
- Sun Storage 7110 Unified Storage System
- Sun ZFS Storage 7320
- Sun Storage 7210 Unified Storage System
|
Related Categories |
- PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
|
In this Document
Applies to:
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Information in this document applies to any platform.
Purpose
This document provides a procedure to resolve problems with NFS file and directory permissions/security on the ZFS Storage Appliance.
Troubleshooting Steps
Steps to Follow
This document should be used to troubleshoot issues accessing files and directories over NFS mounts. Each of the following steps will provide instructions and/or a link to a document, to check for issues and provide corrective action as necessary.
Step 1 - Understand how ACLs and traditional UNIX permissions inter operate
See <Document:1428773.1> for tips on configuring security in an environment where both traditional NFSv3 permissions and NFSv4 ACL permissions.
ACL permissions allow you to go beyond the standard user/group/world security entities and configure files and directories with named users and inheritance bits, at the cost of some compatibility with traditional permissions.
Step 2 - Understand how file and directory permission inheritance works.
ACL security allows you to specify exactly what permissions should be inherited to newly created files and directories. This document <Document:1439307.1> explains how the ACL inheritance bits operate.
Step 3 - Check your NFSv4 Identity Domain configuration
A common problem with NFSv4 clients is that the NFSV4 identity domain on the client does not match that of the server. Because NFSv4 users are presented in a user@domain format, an incorrect identity domain can result in limited or no access to files or mount points. See <Document:1409693.1> for instructions on how to verify that these match.
Step 4 - Check for correct configuration of NFS Exceptions (A.K.A. root squash)
By default, root users on client systems are not given unrestricted access to filesystems on the ZFS Storage Appliance. See <Document:1439295.1> for instructions on how to create NFS Exceptions that allow NFS clients to access the ZFSSA as root.
Step 5 - Known issue with chown for non-root users
By default, only root is able to change ownership of files via NFS. <Document:1439387.1> explains how to change this if necessary.
Step 6 - Collect data and contact Oracle ZFSSA Support
At this point, if you not been able to resolve the issue with the troubleshooting steps above, a support case is recommended. Having the following data (as available) will help us to expedite a solution:
- A ZFSSA support bundle. See <Document 1019887.1>
- File and directory permissions from the command line. In UNIX, use the ls command (-V and -Vd for Solaris, equivalents for other UNIX OS). If there's a file operation involved, collect this data both before and after the operation.
- Steps to reproduce the problem.
- If possible, a network capture of the failed attempt to access the file. This should be run from the client, and should begin before the drive is mounted or mapped. See <Document: 1398376.1> for details on how to collect a network capture.
References
<NOTE:1019887.1> - Sun Storage 7000 Unified Storage System: How to collect a supportbundle using the BUI or CLI
<NOTE:1409693.1> - Sun Storage 7000 Unified Storage System: NFSv4 clients cannot mount shares if NFSv4 identity domains do not match
<NOTE:1428773.1> - Sun Storage 7000 Unified Storage System: Configuring file and directory permissions for shared access between UNIX and Windows clients.
<NOTE:1439295.1> - Sun Storage 7000 Unified Storage System: Configuring NFS Exceptions for root access
<NOTE:1439307.1> - Sun Storage 7000 Unified Storage System: Configuring file and directory inheritance.
<NOTE:1439387.1> - Sun Storage 7000 Unified Storage System: Non-root user cannot change ownership of files and directories.
Attachments
This solution has no attachment