NFS Question

I'm trying to mount a network drive on a nearly fresh install of Ubuntu 18.04 Server, and I'm getting some puzzling behavior.

I mount the drive as root, and list the permissions:

# mount xxx.xxx.xxx.xxx:/my/share /mnt/nfs
# ls /mnt
drwxrwxr-x 1 user user nfs
# cd /mnt/nfs

Looks good so far! (you'll see why I do that cd in just a second...)

I log in as a normal user, user, and try to go about my business:

$ ls /mnt
drwxrwxr-x 1 user user nfs
$ cd /mnt/nfs
cd: test: Permission denied
$ ls /mnt
d--------- 1 user user nfs

Uhh... what happened to the permissions? The process is thankfully reversible... Well, only if root tries it...

# ls /mnt
d--------- 1 user user nfs
# cd /mnt/nfs
# pwd
/mnt/nfs
# ls /mnt
drwxrwxr-x 1 user user nfs

Any ideas what's going on, and how I can go about fixing it? I'm at a complete loss.

It's worth noting that this is the second machine that this has happened to me with Ubuntu 18.04 Server, both nearly out of the box.

note: The command output is simulated, but taken almost directly from the server. (ie: the number of hard links ls reports is probably not right, and I omitted the . and .. directories, but the permissions, owners, etc. are correct)

1 Answer

That's a feature of NFS, called "Root squashing". See the section "User ID Mapping Options".

The "Root squashing" feature was added to prevent root on other systems from accessing files as root on the NFS server. The NFS protocol doesn't have any authentication, and would blindly accept an NFS packet saying "I am [UID=root,GID=root] write this data to /etc/passwd", without "Root squashing". With "Root squashing", the packet becomes "I am [UID=nobody, GID=nobody] write this data to /etc/passwd", a much safer command (that will fail).