1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

NFS share bash script issue

Discussion in 'Linux & Open Source' started by opethdisciple, May 25, 2018.

  1. opethdisciple


    Joined: May 18, 2010

    Posts: 16,958

    Location: London

    I'm working on a backup script for my satellite server.

    Red Hat provide a script which I have modified.

    My issue is the following.

    The script will run as root (I suppose)

    I need to mount and unmount an nfs share.

    Then sudo su to a user that has write permissions (nfsuser) on the share then run the satellite-backup command then exit as nfsuser back to root and umount the nfs share.

    The problem is the satellite-backup command seems to need to run as root, but at this point I am currently in as nfsuser:

    #!/bin/bash -e
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin
    YEAR=$(date +%Y)
    WEEK=$(date +%-V)

    mount nfsshareserver:/backup /backups
    sudo su nfsuser

    if [[ $(date +%w) == 0 ]]; then
    satellite-backup $DESTINATION/$YEAR-$((WEEK + 1)) --assumeyes
    LAST=$(ls -td -- $DESTINATION/$YEAR-$WEEK/*/ | head -n 1)
    satellite-backup $DESTINATION/$YEAR-$WEEK --incremental "$LAST" --assumeyes
    exit 0

    umount /backups

    How do I make the satellte-backup command run as root. The issue is only the nfsuser can write to the nfs share.
    Last edited: May 25, 2018
  2. the-evaluator

    Wise Guy

    Joined: Sep 24, 2015

    Posts: 1,173

    I think this would work:

    sudo su root -c 'satellite-backup $DESTINATION/$YEAR-$((WEEK + 1)) --assumeyes'

    That'd run that command as root and then drop back to the nfsuser. You'd need to edit the second satellite-backup command too of course.
  3. opethdisciple


    Joined: May 18, 2010

    Posts: 16,958

    Location: London

    I'll try it tomorrow.

    However isn't the problem that the nfsuser doesn't have privileges to sudo su root?
  4. the-evaluator

    Wise Guy

    Joined: Sep 24, 2015

    Posts: 1,173

    Possibly, but that's easiy fixed by editing /etc/sudoers.
  5. PaulCa


    Joined: May 3, 2018

    Posts: 459

    The problem is root_squash.

    When root attempts to access an NFS share, by default they are demoted to "nobody" or "anon user". Usually "nobody" can not write to any files, except those set to 777 file mode.

    DO NOT DISABLE THIS FEATURE UNLESS YOU REALLY, REALLY trust yourself. I have learnt this the hard way when I was building a new test system and decided to abandon it. Thinking there was nothing worth keeping I did an rm -fr /* However when I started seeing the path /mnt/shared/ going up the screen I realised I had network drives mounted with root_squash disabled. Luckily I stopped it before I lost all my bulk storage. Since then I find other ways to do things rather than disable root squash.

    What I would do is execute the backup on the server as root. You can then just execute it over ssh:

    ssh root@server /some/path/satelite-backup ......

    Note, however you can run a command remotely and consume it's output locally, so this actually works:

    ssh root@server tar -cvzf - /some/important/path > local-tar-file.tar.gz

    or even tar on the remote and zip on the local:

    ssh root@server tar -cvf - /some/important/path | gzip > local-tar-file.tar.gz

    Note that setting up passphraseless ssh keys in ~/.ssh/authorized_keys will help with this approach as no password is required to login.

    EDIT: If you have heeded my warning and are happy enough to go ahead, you can disable root_squash by adding no_root_squash to the NFS export options in /etc/exports