# NFS mounted folder refuses file operations through script



## Beeblebrox (Mar 9, 2013)

I have a script that works fine on the host machine.  I have client machines that mount an NFS directory, where the script in question tries to touch / chown / chmod a file under the NFS mounted folder structure.

When I try the same script on a client machine, I get "permission denied" error and script fails (I start the script by service .. onestart). The touch command creates a file but the owner is "-2" (see here).  Upon further reading on the issue, I found many questions on similar problems but few viable answers.

The user database on host is identical to the user database on client, so user ID and names should not conflict - but they do. If a user logs in on the client machine and executes any of touch, rm, chown, chmod in the folders which he has permission, the commands are executed without any error.

I am hoping the correct nfs_mount option placed in client fstab will correct the error? It could also be an issue of specifying the correct user settings for the user called in the script?


----------



## usdmatt (Mar 9, 2013)

The answer to why you get -2, and how to fix already appears to be covered in the linked post? By default files created by a user on an NFS share are owner by the same userid as the user that created the file. So a file created by user mark (uid 100) will show as being owned by uid 100 on the server. (and will show the same username if the user database is the same)

However, I believe as a security feature, files created by root on the client get -2 uid on the server. This stops root on the client having effectively super-user permissions on the server's share. As you are using service, I suspect your script is running as root. If you want files created by root to be owned by root on the share, you'll need to add the following to the server's exports line.


```
-maproot=root
```

Please be aware that this means root on any client that can mount the share will have full permissions to all the files, even those created by other users on other machines.


----------



## Beeblebrox (Mar 9, 2013)

Awwww man, I've been at this setup package for more than 12 hours straight. I probably understand 1/3 of what I read at this point. Thanks for giving me what I needed and spoon-feeding me the info.


----------

