Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
Before asking this question, I searched the stackoverflow, but the answers no use:
mount: nfs access denied by server
In my VM, I have sda, sdb hard disk in the VM.
Then VM have ips:192.168.8.101, 192.168.8.104.
When I mount the sdb's directory to the VM's directory under /var:
[root#ha-node1 sdb]# mount -t nfs 192.168.8.104:/mnt/sdb/var/lib/glance/images /var/lib/glance/images
Get the below error:
mount.nfs: access denied by server while mounting 192.168.8.104:/mnt/sdb/var/lib/glance/images
And the directories under /mnt permissions all are perfect.
[root#ha-node1 sdb]# ll -d /mnt/
drwxr-xr-x. 4 root root 26 Jul 26 00:43 /mnt/
[root#ha-node1 sdb]# ll -d /mnt/sdb
drwxr-xr-x 4 root root 4096 Jul 26 10:05 /mnt/sdb
[root#ha-node1 sdb]# ll -d /mnt/sdb/var/
drwxr-xr-x 3 root root 4096 Jul 26 10:05 /mnt/sdb/var/
[root#ha-node1 sdb]# ll -d /mnt/sdb/var/lib/
drwxr-xr-x 3 root root 4096 Jul 26 10:05 /mnt/sdb/var/lib/
[root#ha-node1 sdb]# ll -d /mnt/sdb/var/lib/glance/
drwxr-xr-x 3 root root 4096 Jul 26 10:05 /mnt/sdb/var/lib/glance/
[root#ha-node1 sdb]# ll -d /mnt/sdb/var/lib/glance/images/
drwxr-xr-x 2 root root 4096 Jul 26 10:05 /mnt/sdb/var/lib/glance/images/
The network connection is also ok.
[root#ha-node1 sdb]# ping 192.168.8.104
PING 192.168.8.104 (192.168.8.104) 56(84) bytes of data.
64 bytes from 192.168.8.104: icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from 192.168.8.104: icmp_seq=2 ttl=64 time=0.030 ms
64 bytes from 192.168.8.104: icmp_seq=3 ttl=64 time=0.032 ms
64 bytes from 192.168.8.104: icmp_seq=4 ttl=64 time=0.031 ms
The NFS service works normal :
[root#ha-node1 sdb]# systemctl status nfs.service
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2017-07-26 00:26:23 CST; 11h ago
Process: 1916 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Process: 1786 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 1916 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
Jul 26 00:26:22 ha-node1 systemd[1]: Starting NFS server and services...
Jul 26 00:26:23 ha-node1 systemd[1]: Started NFS server and services.
In the log I grep the mount:
[root#ha-node1 sdb]# cat /var/log/messages | grep mount
Jul 24 14:44:07 ha-node1 systemd: tmp.mount: Directory /tmp to mount over is not empty, mounting anyway.
Jul 26 00:12:08 ha-node1 systemd: Started dracut pre-mount hook.
Jul 26 00:12:11 ha-node1 systemd: Started dracut mount hook.
Jul 26 00:12:15 ha-node1 systemd: Started Remount Root and Kernel File Systems.
Jul 26 00:23:44 ha-node1 rpc.mountd[4312]: Version 1.3.0 starting
Jul 26 00:26:02 ha-node1 systemd: Started dracut pre-mount hook.
Jul 26 00:26:04 ha-node1 systemd: Started dracut mount hook.
Jul 26 00:26:08 ha-node1 systemd: Started Remount Root and Kernel File Systems.
Jul 26 00:26:22 ha-node1 rpc.mountd[1561]: Version 1.3.0 starting
Jul 26 00:43:03 ha-node1 kernel: EXT4-fs (sdb): mounted filesystem with ordered data mode. Opts: (null)
Jul 26 00:43:13 ha-node1 kernel: EXT4-fs (sdc): mounted filesystem with ordered data mode. Opts: (null)
Jul 26 10:07:03 ha-node1 rpc.mountd[1561]: refused mount request from 192.168.8.104 for /mnt/sdb/var/lib/glance/images (/): not exported
It shows not exported, I tried to exportfs -r, but no use.
Someone can tell me about this, why I can not NFS mount the sdb to self directory?
The directories exported to outer world is controled by file:'/etc/exports ' under linux OS.
add:
/mnt/sdb/var/lib/glance/images *(rw,sync,no_subtree_check)
in that file and try again. This is only a example for you, The access right should be modified accroding exactly requirement. read the manual of exports please.
Related
I am using jenkins in a docker container and would like to start another instance, whenever I try to use docker command like
docker run -t -i ap/dashboard /bin/bash
I get this error:
bash: line 61: docker: command not found
How do I navigate to another container or solve this error?
I can clearly see that the vm creator was able to use the docker command by reading the /root/.ash_history
here are some details about the system:
[-] Specific release information:
3.3.1
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.3.1
PRETTY_NAME="Alpine Linux v3.3"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
Hostname:
b51cdbb7eebd
ENVIRONMENTAL #######################################
Environment information:
JENKINS_VOL=/var/lib/jenkins
JAVA_VERSION_BUILD=17
HOSTNAME=b51cdbb7eebd
JAVA_VERSION_MAJOR=8
JENKINS_HOME=/opt/jenkins
NLSPATH=/usr/dt/lib/nls/msg/%L/%N.cat
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/java/jre/bin
JAVA_BASE=/usr/local/java
PWD=/
JAVA_HOME=/usr/local/java/jre
JAVA_PKG=server-jre
LANG=C.UTF-8
XFILESEARCHPATH=/usr/dt/app-defaults/%L/Dt
SHLVL=2
HOME=/root
PKG_URL=https://circle-artifacts.com/gh/andyshinn/alpine-pkg-glibc/6/artifacts/0/home/ubuntu/alpine-pkg-glibc/packages/x86_64
JENKINS_VERSION=1.637
JAVA_VERSION_MINOR=66
_=/usr/bin/env
[-] Available shells:
# valid login shells
/bin/sh
/bin/ash
/bin/bash
[+] We can read root's home directory!
total 76
drwx------ 5 root root 4.0K Aug 28 2018 .
drwxr-xr-x 1 root root 4.0K Nov 24 10:55 ..
-rw------- 1 root root 3.1K Aug 29 2018 .ash_history
-rw------- 1 root root 155 May 16 2016 .bash_history
drwxr-xr-x 2 root root 4.0K May 12 2016 .oracle_jre_usage
drwx------ 2 root root 4.0K Aug 28 2018 .ssh
-rwxr-xr-x 1 root root 46.0K Aug 28 2018 LinEnum.sh
drwxr-xr-x 3 root root 4.0K May 12 2016 dockerfiles
-rw-r--r-- 1 root root 0 Aug 28 2018 foo
Looks like we're in a Docker container:
10:net_prio:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
9:net_cls:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
8:freezer:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
7:devices:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
6:memory:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
5:blkio:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
4:cpuacct:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
3:cpu:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
2:cpuset:/docker/b51cdbb7eebd806431ee4120d9b3ae050dbefe4a835bf2063446724572e45e30
1:name=openrc:/docker
-rwxr-xr-x 1 root root 0 May 16 2016 /.dockerenv
[-] Anything juicy in the Dockerfile:
-rw-r--r-- 1 root root 617 May 12 2016 /root/dockerfiles/jenkins/Dockerfile
I tried many docker commands without hope
is it because that I'm already inside the container??
Try with docker run -t -i ap/dashboard /bin/ash.
Maybe your container does not use bash so you should try with /bin/sh which is a symcolic link to the default installed shell processor.
I hope someone can help me with my problem.
Background: I want to mount very big ISOs to my raspberry via sftp.
If I try to mount the iso from a local folder, for example Downloads\2005-2010.iso it works perfect. But if I try to mount the ISO from a mounted sshfs folder, it fails. I also tryed to change the permission to 777 (only for testing) to the mounted ftp folder, but no success.
I using "sshfs" to mount my ftp webhosting folder. (Works perfect)
The Output is different to the following statements:
Statement
sudo mount /home/pi/isomount/2005-2010.iso /home/pi/medien/2005-2010/
1.1 Output
mount: /home/pi/medien/2005-2010: cannot mount /home/pi/isomount/2005-2010.iso read-only.
Statement
sudo mount -o loop /home/pi/isomount/2005-2010.iso /home/pi/medien/2005-2010/
2.1 Output
mount: /home/pi/medien/2005-2010/: failed to setup loop device for /home/pi/isomount/2005-2010.iso.
Any idears what I can do to mount this .iso?
For me, this worked :
sudo bash
# Now in root
mkdir /tmp/iso
mount /home/pi/isomount/2005-2010.iso /tmp/iso
More details
~# cd /home/ubuntu/dev
/home/ubuntu/dev# df -k .
Filesystem 1K-blocks Used Available Use% Mounted on
User#remotehost:dev 487213052 380126780 107086272 79% /home/ubuntu/dev <-- sshfs mounted
/home/ubuntu/dev# ls -l ubuntu-20.04.3-desktop-amd64.iso
-rwx------ 1 197609 197121 3071934464 Dec 28 10:44 ubuntu-20.04.3-desktop-amd64.iso
/home/ubuntu/dev# mount ubuntu-20.04.3-desktop-amd64.iso /tmp/iso
mount: /tmp/iso: WARNING: device write-protected, mounted read-only.
/home/ubuntu/dev# ls -ltr /tmp/iso
total 101
lr-xr-xr-x 1 root root 1 Aug 19 11:59 ubuntu -> .
dr-xr-xr-x 1 root root 2048 Aug 19 11:59 preseed
dr-xr-xr-x 1 root root 2048 Aug 19 11:59 pool
dr-xr-xr-x 1 root root 2048 Aug 19 11:59 dists
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 install
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 casper
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 boot
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 EFI
dr-xr-xr-x 1 root root 34816 Aug 19 12:01 isolinux
-r--r--r-- 1 root root 53487 Aug 19 12:03 md5sum.txt
My sshfs mount options in /etc/mtab :
User#remotehost:dev /home/ubuntu/dev fuse.sshfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
I'm trying to install .NET Core(3.1) app in Centos8 using steps given in MS enter .
Service File as per Microsoft document /etc/systemd/system/kestrel-dotnetapp.service
[Unit]
Description= .NET Web API App for centos
[Service]
WorkingDirectory=/var/Application/netcoreapp31
ExecStart=/usr/local/dotnet /var/Application/netcoreapp31/helloapp.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnetapp
User=user
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
[Install]
WantedBy=multi-user.target
When i do > sudo systemctl start kestrel-dotnetapp.service am getting error.
Jun 04 22:51:28 hostname systemd[1827]: kestrel-dotnetapp.service: Failed to execute command: Permission denied
Jun 04 22:51:28 hostname systemd[1827]: kestrel-dotnetapp.service: Failed at step EXEC spawning /usr/local/dotnet: Permission denied
-- Subject: Process /usr/local/dotnet could not be executed
-- Defined-By: systemd
Find below ls -la :
[user#hostname dotnet]$ ls -la
total 108
drwxr-xr-x. 4 root root 94 Apr 22 09:34 .
drwxr-xr-x. 14 root root 154 Jun 4 21:11 ..
-rwxr-xr-x. 1 root root 73048 Apr 22 09:32 dotnet
drwxr-xr-x. 3 root root 17 Apr 22 09:34 host
-rw-r--r--. 1 root root 1116 Apr 22 09:29 LICENSE.txt
drwxr-xr-x. 4 root root 67 Apr 22 09:34 shared
-rw-r--r--. 1 root root 31330 Apr 22 09:29 ThirdPartyNotices.txt
My application deliverables folder
[user#hostname Application]$ ls -la
total 8
drwxr-xr-x. 3 root root 26 Jun 4 20:53 .
drwxr-xr-x. 22 root root 4096 Jun 4 20:53 ..
drwxr-xr-x. 2 777 user 4096 Jun 4 20:45 netcoreapp31
Found that service is starting when we change path of ExecStart to ExecStart=/usr/local/dotnet/dotnet . No idea why microsoft blog said till ExecStart=/usr/bin/dotnet is enough !
PS: Also if the Linux is SE service files shouldn't be in /home directory
After hours and hours of searching... the answer above is valid
even for Dotnet 5.0 application with default installation and default user pi with custom publish folder:
[Service]
WorkingDirectory=/home/pi/myPublishDirectory
ExecStart=/home/pi/.dotnet/**dotnet** /home/pi/myPublishDirectory/MyApplication.dll
User=pi
...
I've just setup a home server (Ubuntu Server 14) and have configured DNS and DHCP. It all works fine except DDNS. /var/logs/syslog is reporting the following when a new DHCPREQUEST is made:
Jul 25 23:20:14 ns.lan dhcpd: DHCPREQUEST for 192.168.1.73 from <mac> (<hostname>) via eth0
Jul 25 23:20:14 ns.lan dhcpd: DHCPACK on 192.168.1.73 to <mac> (<hostname>) via eth0
Jul 25 23:20:14 ns.lan dhcpd: Unable to add forward map from <hostname>.lan to 192.168.1.73: SERVFAIL
The zone file is set to root:bind and 664.
-rw-r--r-- 1 root root 2389 Jun 29 20:54 bind.keys
-rw-r--r-- 1 root root 237 Jun 29 20:54 db.0
-rw-r--r-- 1 root root 271 Jun 29 20:54 db.127
-rw-r--r-- 1 root bind 313 Jul 25 21:02 db.192
-rw-r--r-- 1 root root 237 Jun 29 20:54 db.255
-rw-r--r-- 1 root root 353 Jun 29 20:54 db.empty
-rw-rw-r-- 1 root bind 387 Jul 25 17:57 db.lan
-rw-r--r-- 1 bind bind 0 Jul 25 20:04 db.lan.jnl
-rw-r--r-- 1 root root 270 Jun 29 20:54 db.local
-rw-r--r-- 1 root root 3048 Jun 29 20:54 db.root
-rw-r--r-- 1 root bind 463 Jun 29 20:54 named.conf
-rw-r--r-- 1 root bind 490 Jun 29 20:54 named.conf.default-zones
-rw-r--r-- 1 root bind 398 Jul 25 17:14 named.conf.local
-rw-r--r-- 1 root bind 998 Jul 25 02:10 named.conf.options
-rw-r----- 1 bind bind 77 Jul 18 01:39 rndc.key
-rw-r--r-- 1 root root 1317 Jun 29 20:54 zones.rfc1918
And I've added the dhcpd user to the bind group:
$ groups dhcpd
dhcpd : dhcpd bind
I've also configured AppArmor (/etc/apparmor.d/usr.sbin.dhcpd) to allow the access:
# Allow access to bind zone file so that it
# can be updated as new hosts are allocated
/etc/bind/db.lan rw,
The zone file looks like this:
;
; BIND data file for local loopback interface
;
$TTL 604800
# IN SOA ns.lan. hostmaster.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
# IN NS ns
# IN A 127.0.0.1
# IN AAAA ::1
ns IN A 192.168.1.1
server IN A 192.168.1.2
media IN A 192.168.1.3
web IN A 192.168.1.4
dsldevice IN A 192.168.1.254
Any ideas on the "Unable to add forward map" SERVFAIL error or even how I can diagnose the problem?
I ended up re-jigging the file structure a little and something I've done has made it work. I guess that points at a permissions issue, probably apparmor related at a guess.
As #Richard Payne said, it's an issue with apparmor.
Running tail -f /var/log/messages should show messages like this:
kernel: [ss.sss]: audit: type=1400: apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/db.<zone>.jnl" ....
So, to solve this, add the following to /etc/apparmord.d/local/usr.sbin.named:
# Allow dynDNS entries to be written, along with journal ant temporary files
/etc/bind/db.* rw,
/etc/bind/tmp-* rw,
Also, make sure that the file /etc/apparmord.d/usr.sbin.named contains an #include directive for the file with our changes. It is generally at the end, and looks like this:
# Site-specific additions and overrides
#include <local/usr.sbin.named>
Then, restart apparmor and bind
sudo systemctl restart apparmor
sudo systemctl restart bind9
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am new to linux and I am having a problem with permissions. Quite a long time ago I had created an AWS EC2 instance from scratch using step by step tutorials scattered over the web. I managed to upload an html website over there and linking the domain to it etc...
Now that after six months I am connecting again to the EC2 instance using MobaXTerm SSH or SFTP session, I can't get to upload new files or rename old files etc. I am using the regular ec2-user which from what I understand is quite a privileged user nearly as permissable as root.
I connect successfully with the old key that I had created and I can arrive to the desired directory. But I simply can't upload new files or replace old ones because I get a permission denied error. I don't know why and how to fix.
Last login: Fri Apr 25 13:18:26 2014 from 85.232.210.97
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.03-release-notes/
[ec2-user#ip-172-31-47-208 ~]$ cd ./var/www/html/
-bash: cd: ./var/www/html/: No such file or directory
[ec2-user#ip-172-31-47-208 ~]$ cd .
[ec2-user#ip-172-31-47-208 ~]$ cd ..
[ec2-user#ip-172-31-47-208 home]$ cd ..
[ec2-user#ip-172-31-47-208 /]$ cd var/www/html/
**[ec2-user#ip-172-31-47-208 html]$ mv index.html index_old.html
mv: cannot move ‘index.html’ to ‘index_old.html’: Permission denied**
[ec2-user#ip-172-31-47-208 html]$ ls -l
total 164
drwxrwxr-x 2 ec2-user ec2-user 4096 Mar 27 16:03 css
-rw-rw-r-- 1 ec2-user ec2-user 5686 Mar 25 08:34 favicon.ico
drwxrwxr-x 2 ec2-user ec2-user 4096 Mar 27 16:04 font
drwxrwxr-x 14 ec2-user ec2-user 4096 Mar 27 16:18 images
**-rwxrwxrwx 1 ec2-user ec2-user 48675 Apr 25 13:41 index.html**
drwxrwxr-x 4 ec2-user ec2-user 4096 Mar 27 16:19 js
drwxrwxr-x 3 ec2-user ec2-user 4096 Mar 27 16:20 nbproject
drwxrwxrwx 2 ec2-user ec2-user 4096 Apr 25 13:30 old
drwxrwxr-x 3 ec2-user ec2-user 4096 Mar 27 16:20 php
-rw-rw-r-- 1 ec2-user ec2-user 41041 Sep 17 2013 PIE.htc
drwxrwxr-x 24 ec2-user ec2-user 4096 Mar 27 16:22 skins
-rw-rw-r-- 1 ec2-user ec2-user 30951 Mar 26 19:07 style.css
[ec2-user#ip-172-31-47-208 html]$
Can you guide me? What to check? Where to start and continue to dig to sort the issue?
I used WinSCP and SFTP also to manage file uploads easily but the permission issue remains unchanged.
Thank you
In order to add or remove files to/from a directory, you need to have write permission on the directory in question, which is /var/www/html in your case.(I originally wrote just a comment, but thinking again there is only one reason why you see what you are seeing.)Use ls -ld /var/www/html to have a look at the permissions on the directory itself. It should probably belong to root:ec2-user, which in turn means it should likely be chmod 775 (owner and group have read/write/execute permission, others may not write).