
NFS Storage : Root squashed to anon user on Linux Host

This scenario is based on a problem where the “root” user is squashed to “anon”, and all files created on an NFS-exported volume show up as owned by “nfsnobody”.

An NFS volume is exported from a clustered Data ONTAP (cDOT) system running ONTAP 8.2.1 and mounted on a Linux host. The root user reports that when he creates a file on the mounted NFS storage, the file's owner is changed to “nfsnobody”.

Checking with the “ls -l” and “ls -ln” commands on the Linux host, the file owner is reported as “nfsnobody” (“65534”).


Checking the export-policy rule on the NetApp storage system, I see:
“User ID To Which Anonymous Users Are Mapped: 65534”
“Superuser Security Types: any”


This means all “anonymous” users are mapped to “65534”, which is “nfsnobody” in Linux, “nobody” in Unix, and “pcuser” in Windows. The remote “root” user on the Linux host therefore has restricted permissions after logging in to the NFS server. This is a security feature implemented on shared NFS storage.

To fix this issue, we change the Superuser AUTH type to “sys”. This means the user is authenticated at the client (operating system) and comes in as an identified user. This way the user is not squashed to “anonymous / anon” and retains its permissions.

Now if I try to create some files as the “root” user on the Linux host, the files retain the permissions as “root” and not “anon”.


This fixes the problem.
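
A client-side check for the behaviour described above, added here as an example and not part of the original post: it creates a probe file on the mount and reads back the numeric owner the way `ls -ln` reports it. The function names, the `ANON_UID` variable and the `/mnt/nfs` path are assumptions; 65534 is the anonymous UID from the export-policy rule.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): detect root squash from the NFS client.
# ANON_UID is the anonymous UID from the export-policy rule (65534 on this page).
ANON_UID="${ANON_UID:-65534}"

# Create a probe file in directory $1 and print its numeric owner UID,
# taken from the third column of `ls -ln` as used in the post.
probe_owner_uid() {
    local dir="$1" probe uid
    probe="$(mktemp "${dir%/}/.squash_probe.XXXXXX" 2>/dev/null)" || return 2
    uid="$(ls -ln -- "$probe" | awk '{print $3}')"
    rm -f -- "$probe"
    printf '%s\n' "$uid"
}

# Compare the caller's UID ($1) with the UID stored on the file ($2).
classify_owner() {
    local caller_uid="$1" file_uid="$2"
    if [ "$file_uid" = "$caller_uid" ]; then
        echo "preserved"    # server kept the client's identity
    elif [ "$file_uid" = "$ANON_UID" ]; then
        echo "squashed"     # server mapped the caller to the anon user
    else
        echo "remapped"     # some other mapping, e.g. a different anonymous UID
    fi
}

# Probe directory $1 as the current user; exit status 2 if it is not writable.
check_mount() {
    local dir="$1" file_uid
    file_uid="$(probe_owner_uid "$dir")" || { echo "cannot write to $dir" >&2; return 2; }
    classify_owner "$(id -u)" "$file_uid"
}

# Usage: bash check_squash.sh /mnt/nfs   (script name and mount point are placeholders)
if [ "$#" -gt 0 ]; then
    check_mount "$1"
fi
```

Run as root against the mount point, `squashed` matches the original rule and `preserved` matches the rule after the superuser change. A `preserved` result for root also means root on any client that matches that rule is treated as root on the export, so the rule's client match deserves a review.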