KVM on a nfs share

I have a permissions problem when storing my VM’s on a nsfpool.
I have set up a fileshare server where I plan to run my VM’s from. It is a UCR server that also serves as my domain DC backup.

Error managing domain “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”: Failed to open file ‘/var/lib/libvirt/images/nfspool/test-0.qcow2’: Access denied or Permission denied"
This happen only on my nsf pool not the default pool.

This is a bit out of my realm so I’m hoping that someone can point me in the right direction

Hi,

I assume you are just having set wrong permissions.

By default when creating a new share you have these settings:
Bildschirmfoto%20vom%202018-12-11%2009-12-20
The share belongs to the user root and the group root.
The owner root can do everything with the files and directories.
The group root can only read, but not write.
Others can only read, but not write.

And for NFS:
Bildschirmfoto%20vom%202018-12-11%2009-13-05

You have by default enabled root squashing which means if someone writes to a share with userid 0 (for root) the ID will get squashed to a different (non-root) ID.

So you KVM writes a new file as root. The NFS server rewrites the ID to a user (usually nobody). The file then should have the owner of nobody and group of nogroup. But the user nobody belongs to “other” and therefore has not write permission.

Got it so far?

I would recommend to disable root squashing (can be a security flaw, check docs about it!) if this share is just used dfor the KVM host.

/CV

Thanks, that solved my problem.