Search code examples
linuxnfs

Allow non-root user rw permission on nfs share

I have two linux machines running. One is a jenkins server and the other is a lamp server (downloaded from turnkey linux). I need to allow the jenkins user on the jenkins server read/write permission to a share on the lamp server using NFS. Using the root user on the jenkins server this works fine, but when run through jenkins, i always get permission denied error when trying to copy or delete files to the lamp server. I have tried many things, but continue to fail. How do I need to configure NFS to allow the jenkins user on the jenkins server read/write/delete to the NFS share on the lamp server?

Below is my current config information:

Jenkins: 192.168.100.143
Lamp:    192.168.100.145


Lamp - /etc/exports
/var/www   192.168.100.143(rw,anonuid=33,anongid=33)


Lamp - /etc/passwd
www-data:x:33:33:www-data:/var/www:/bin/sh


root@lamp /var/www# ls -la
total 32
drwxr-xr-x  6 www-data www-data 4096 Oct  4 06:12 .
drwxr-xr-x 13 root     root     4096 Oct 15  2013 ..
drwxr-xr-x  2 www-data www-data 4096 Oct 15  2013 cgi-bin
drwxr-xr-x  2 www-data www-data 4096 Oct 15  2013 css
drwxr-xr-x  2 www-data www-data 4096 Oct 15  2013 images
-rwxr-xr-x  1 www-data www-data 2709 Oct 15  2013 index.php
drwxr-xr-x  2 www-data www-data 4096 Oct 15  2013 js
-rwxr-xr-x  1 www-data www-data   20 Oct 15  2013 phpinfo.php


Jenkins - mount command:
mount -t nfs4 -o rw 192.168.100.145:/var/www /mnt/nfs/lamp


Jenkins - using root:
root@jenkins nfs/lamp# ls -la
total 32
drwxr-xr-x 6 www-data www-data 4096 Oct  4 01:12 .
drwxr-xr-x 3 root     root     4096 Oct  4 01:17 ..
drwxr-xr-x 2 www-data www-data 4096 Oct 15  2013 cgi-bin
drwxr-xr-x 2 www-data www-data 4096 Oct 15  2013 css
drwxr-xr-x 2 www-data www-data 4096 Oct 15  2013 images
-rwxr-xr-x 1 www-data www-data 2709 Oct 15  2013 index.php
drwxr-xr-x 2 www-data www-data 4096 Oct 15  2013 js
-rwxr-xr-x 1 www-data www-data   20 Oct 15  2013 phpinfo.php


root@jenkins IDWEB-package/workspace# ls -la
total 6600
drwxr-xr-x 4 jenkins nogroup    4096 Oct  4 01:20 .
drwxr-xr-x 4 jenkins nogroup    4096 Oct  4 00:34 ..
drwxr-xr-x 6 jenkins nogroup    4096 Oct  4 00:34 .svn
-rw-r--r-- 1 jenkins nogroup    2262 Oct  4 00:34 build-package.xml
-rw-r--r-- 1 jenkins nogroup 6735944 Oct  4 00:34 idweb-package-43.zip
drwxr-xr-x 6 jenkins nogroup    4096 Oct  4 00:37 src

root@jenkins IDWEB-package/workspace# cp idweb-package-43.zip /mnt/nfs/lamp

root@jenkins IDWEB-package/workspace# sudo -u jenkins cp idweb-package-43.zip /mnt/nfs/lamp/idweb-package-43-2.zip
cp: cannot create regular file `/mnt/nfs/lamp/idweb-package-43-2.zip': Permission denied
Solution

  • I think, it is because the mounted folder is owned by www-data on Jenkins Server. So user jenkins@Jenkins can not write there. You should add jenkins@Jenkins to www-data group on Jenkins Server or change the group of the folder on Lamp to broaden it for other users.