From: Benoit des Ligneris (benoit.des.ligneris_at_revolutionlinux.com)
Date: Wed 29 Sep 2004 - 12:25:51 BST
Hello,
I think that NFS export is not well supported from inside a vserver
because it is (generally) kernel based.
My advice would be to use samba which is a user space program and can be
easily put inside a vserver. Samba uses and authentified protocol and this
is also a good thing (IMHO).
Ben
* Cathy Sarisky <cathy_at_acornhosting.net> [04-09-28 21:06]:
>
> Thanks to Herbert for quite a bit of help in IRC!
>
> The problem looks to be the kernel version. The one where it works is
> 2.4.25 (yes, I need to upgrade), the one where it doesn't is 2.4.27.
> Herbert tracked it down to a change that now requires cap_sys_admin to
> mount, which of course the vserver didn't have.
>
> I've worked around the problem by doing the mount from the host server,
> but long term, the client would like to be able to set things up himself.
>
> So here's another question: Is there a means to allow a client with two
> vservers (on separate hosts) to set up some sort of sharing between them
> without intervention from the host server? Is nfs the right tool for
> this, or should we be looking at something else?
>
> Many thanks in advance for your thoughts,
>
> Cathy
>
> On Tue, 28 Sep 2004, Cathy Sarisky wrote:
>
> >
> > Hello!
> >
> > Running vs1.26, a user within a vserver can do an nfs mount like so:
> > mount servername:/tmp /a
> >
> > Running vs1.28, a user within a vserver attempting the same command gets
> > the error:
> > mount: permission denied
> >
> > I think I've ruled out a config file problem, as attempts to mount with
> > /etc/exports or /etc/hosts.allow produces "mount: servername:/tmp failed,
> > reason given by server: Permission denied" instead.
> >
> > I think I've ruled out a firewall problem.
> >
> > I can do the nfs mount from the parent server, but not within a vserver
> > under kernel 1.28
> >
> > So, here's my question(s):
> > - What do I need to do to get mounting an nfs-partition working within a
> > vserver running vs1.28?
> > - What are the security consequences of doing so?
> >
> > Many thanks!
> >
> > p.s. I have a kludgy workaround in that I can do the mounts from the
> > parent server, but since I'd like my customers do be able to do their own
> > nfs mounts, this is sub-optimal...
> >
> > _______________________________________________
> > Vserver mailing list
> > Vserver_at_list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
-- Benoit des Ligneris Ph. D. President de Revolution Linux http://www.revolutionlinux.com/ OSCAR Chair http://oscar.openclustergroup.org/ Chef de projet EduLinux http://www.edulinux.org/ _______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver