You've set up your NFS share perfectly - the mount works, you can read and write files, but suddenly hit a wall when trying to execute anything. The error typically looks like:
bash: ./script.sh: Permission denied
Even when the file permissions clearly show execute rights:
ls -l /my/mount/point/script.sh -rwxrwxr-x 1 user user 1024 May 10 10:00 script.sh
The problem stems from how NFS handles execution permissions differently from local filesystems. Even with:
- Correct file permissions (755)
- Proper NFS export options (rw,no_root_squash)
- Client mount options (rw,exec)
The execution still fails because of these often-overlooked factors:
1. UID/GID mismatches between server and client 2. Default NFS security behaviors 3. Filesystem-level restrictions
Solution 1: Verify and Match UIDs
In your case, the UIDs don't match:
Server: admin (uid=1000) user (uid=1001) Client: user (uid=1000) ← This actually matches the server's 'admin' user
Fix by either:
# On client machine: sudo usermod -u 1001 user
Or create matching users with consistent UIDs across all systems.
Solution 2: Enforce NFS Execution at Server Level
Modify your /etc/exports to explicitly allow execution:
/path/to/my/shared/folder 10.13.13.0/24(rw,async,no_subtree_check,no_root_squash,no_all_squash)
Then reload NFS:
sudo exportfs -ra
Solution 3: Client Mount Options
Your current fstab entry is mostly correct, but try adding these options:
10.13.13.100:/path/to/my/shared/folder /my/mount/point nfs rw,exec,user,owner,noatime,vers=3 0 0
Key additions:
noatime: Improves performance and avoids permission issuesvers=3: Forces NFSv3 which handles permissions differently
If problems persist, check these deeper issues:
# Check actual mount options in effect: mount | grep nfs # Verify NFS version being used: nfsstat -m # Test with simplest possible case: sudo mount -t nfs -o rw,exec,vers=3 10.13.13.100:/path/to/shared /mnt/test
For critical systems, consider adding these server-side export options:
/path/to/shared 10.13.13.0/24(rw,sync,no_wdelay,insecure_locks,no_root_squash,no_subtree_check)
Remember to restart both server and client NFS services after changes:
# On Debian: sudo service nfs-kernel-server restart sudo service rpcbind restart
When dealing with NFS-mounted directories where executable files aren't running despite correct permissions, we need to examine multiple layers of the system. The specific case involves:
Server (10.13.13.100) exports: /path/to/my/shared/folder 10.13.13.0/24(rw,async,no_sub_tree_check,no_root_squash) Client (10.13.13.111) mounts: 10.13.13.100:/path/to/my/shared/folder /my/mount/point nfs rw,exec,user,owner 0 0
The immediate red flag is the UID discrepancy between server and client:
- Server has admin (UID 1000) and user (UID 1001)
- Client has only user (UID 1000)
This means files owned by UID 1001 on the server appear owned by UID 1000 (admin) on the client, creating permission conflicts.
First verify the actual mount options in effect:
# On client machine mount | grep nfs cat /proc/mounts | grep nfs
Then check file permissions from both perspectives:
# On server ls -la /path/to/my/shared/folder/example_script.sh # On client ls -la /my/mount/point/example_script.sh
The complete fix requires addressing three aspects simultaneously:
1. Server-side exports adjustment:
/path/to/my/shared/folder 10.13.13.0/24(rw,async,no_sub_tree_check,no_root_squash,all_squash,anonuid=1000,anongid=1000)
2. Client fstab modification:
10.13.13.100:/path/to/my/shared/folder /my/mount/point nfs rw,exec,user,owner,noatime,nodiratime 0 0
3. Permission standardization:
# On server
chmod -R ugo+x /path/to/my/shared/folder
find /path/to/my/shared/folder -type f -exec chmod 755 {} \;
For environments where UID synchronization isn't possible:
Option 1: Use NFSv4 with idmapping /etc/idmapd.conf: [General] Domain = yourdomain.local [Mapping] Nobody-User = nobody Nobody-Group = nogroup Option 2: Force specific permissions /etc/exports: /path/to/my/shared/folder 10.13.13.0/24(rw,async,no_sub_tree_check,all_squash,anonuid=1000,anongid=1000)
Create this test script to validate all access levels:
#!/bin/bash # test_nfs_access.sh TEST_FILE="/my/mount/point/nfs_test_$(date +%s)" echo "Testing NFS permissions..." echo "1. File creation test" touch $TEST_FILE || echo "FAIL: Could not create file" echo "2. Write test" echo "test" > $TEST_FILE || echo "FAIL: Could not write to file" echo "3. Read test" cat $TEST_FILE || echo "FAIL: Could not read file" echo "4. Execute test" chmod +x $TEST_FILE ./$TEST_FILE 2>/dev/null && echo "SUCCESS" || echo "FAIL: Could not execute" rm -f $TEST_FILE