We have shared storage server with nfs export for our users homes. After successful login, user gets " Home directory not found". Logging into server, /home is mounted and as a user I am able traverse their home. As root, permission denied, which is expected with root_squash export.
When I change export to no_root_squash, it works as expected, dashboard loads. I do not want to export the filesystem with no_root_squash, is there a better option?
This appears to be added by root
output with root_squash:
[jwaters@ood1 ~]$ inotifywait -mr ./
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
./.pki/nssdb/ CREATE,ISDIR dbTemp.0nUcYY
Couldn’t watch new directory ./.pki/nssdb/dbTemp.0nUcYY: No such file or directory
./.pki/nssdb/ OPEN,ISDIR dbTemp.0nUcYY
./.pki/nssdb/ DELETE,ISDIR dbTemp.0nUcYY
./.pki/nssdb/ CLOSE_NOWRITE,CLOSE,ISDIR dbTemp.0nUcYY
Similar output with no_root_squash:
inotifywait -mr ./
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
./.pki/nssdb/ CREATE,ISDIR dbTemp.YSMheU
Couldn’t watch new directory ./.pki/nssdb/dbTemp.YSMheU: No such file or directory
./.pki/nssdb/ OPEN,ISDIR dbTemp.YSMheU
./.pki/nssdb/ DELETE,ISDIR dbTemp.YSMheU
./.pki/nssdb/ CLOSE_NOWRITE,CLOSE,ISDIR dbTemp.YSMheU
export is:
/shared_storage/home x.x.x.x/24 (root_squash, no_subtree_check,fsid=42)
Running 1.8
Does 2.0 address this?
The below is a false lead. How do you all mount you user homes ? NFS, beegfs, ceph, gluster, other? using no_root_squash for your nfs exports? Kernel mount via beegfs or other distributed filesystem?
[jwaters@ood1 ~]$ inotifywait -mr ./
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
./.pki/nssdb/ CREATE,ISDIR dbTemp.0nUcYY
Couldn’t watch new directory ./.pki/nssdb/dbTemp.0nUcYY: No such file or directory
./.pki/nssdb/ OPEN,ISDIR dbTemp.0nUcYY
./.pki/nssdb/ DELETE,ISDIR dbTemp.0nUcYY
./.pki/nssdb/ CLOSE_NOWRITE,CLOSE,ISDIR dbTemp.0nUcYY
2.0 does not address this. I’m not familiar with server side NFS settings - @tdockendorf please advise.
OnDemand works with root_squash because that’s how OSC sets up our NetApp home directory export policy. The loading of the home directory takes place after OnDemand launches the PUN as the user, so nothing running as root will be trying to access the home directory I believe. We also mount as NFS v4.0 which it looks like you might at least be exporting as NFSv4 since you set fsid. I would not imagine permissions of home directories would matter as root also because at OSC we bootstrap all home directories to be 0700 with root squash but the top level is readable by root so like ls /home will list home directories but ls /home/user will fail for root.
Thanks for the replies and I discovered the issue.
Currently layout is /home/“dept”/“user>”
each /home/ is 0750, with owner:group root:“dept” , “user” is 0700
Changing permission on /home/“dept” 751 allows dashboard to load