NFS usage lessons

 

The working computer is installed with ubuntu. In the afternoon, I want to install a sybase database on the RedHat virtual machine, but the installation file is too large and I don't want to copy it to the virtual machine, so on Ubuntu, unzip the Sybase installation file to the/tmp directory, and then set NFS sharing in/etc/export:

/Tmp 172.16.212.2 (RW, sync, no_subtree_check, no_root_squash)

Then mount it directly on Redhat:

Sudo Mount-t nfs 172.16.212.2:/tmp ~ /Tmp

However, when the Sybase Database was installed, the computer encountered some problems, so the computer was restarted and the virtual machine was being shut down.

After restart, you will find that you cannot log on to the graphical interface. The following error occurs:

(1)/usr/lib/libgconf2-4/gconf-sanity-check-2 exit status is 256

After renaming the document, the following error occurs:

(2) An error occurred while configuring the server. The default configuration of gnome power manager is not correctly installed.

 

First, I thought it was caused by damage to the user's configuration file. So I switched to the command line and deleted the gnome-related configuration file under the Home directory, but it still failed to start. So I created another user, cannot log on, so it is basically excluded

And then try to log on to the graphical interface as the root user. The logon is successful, so it can be inferred that it is a permission issue. Find the relevant configuration documents such as power management and gnome under the/etc directory, and no exception is found.

 

Google, find the http://www.sq01.cn/viewthread.php? Tid = 4365 this article, so I checked the standard permissions for the/tmp and/tmp directories:

Drwxrwxrwt 12 Root 4096 07-16 17:50 TMP

All users have read and write permissions and set a sticky bit. Although users have write permissions on directories, they cannot delete files created by other users, ensures file security in the shared directory

The permissions of the current/tmp directory and the UID and GID have all changed, leading to the loss of some necessary permissions for/tmp by common users, during login, the gnome power manager may need to use the/tmp directory to create temporary files, but it does not have the permission. Therefore, login to> record fails, and the root user does not have this problem.

Run sudo chmod 1777/tmp

Log on again and log on successfully.

 

Lessons learned:

The main reason for the modification of/tmp directory permissions, UID and GID is that the no_root_squash option is set in the/etc/exports file. According to the description in "laruence's private house dish:

No_root_squash:

The user who logs on to the NFS host to use the shared directory. If it is root, the user has the root permission for the shared directory! This project is "extremely insecure" and is not recommended!

Root_squash:

If the user logging on to the NFS host to use the shared directory is root, the user's permissions will be compressed into anonymous users, generally, his UID and GID will become the identity of the nobody SYSTEM account;

When the Sybase Database is installed, the system switches to the root user. Therefore, RedHat has the arbitrary modification permission on the/tmp directory. in use, the VM modifies the/tmp directory permission on Ubuntu, this problem occurs. Although NFS is quite convenient to use, security is not a small problem, so you need to be very careful about the options you set. Today, you only need to install Sybase and only need read permission. Therefore, RW, the no_root_squash options can be removed, so that today's problems will not occur.