How to resolve the "chown: operation not permitted" error when trying to change UID/GID on an AWS File Gateway NFS file share?

When you first create the file share, the pre-existing objects in the S3 bucket get the default UID/GID 65534:65534, which is nfsnobody:nfsnobody. You may want to change the ownership and assign a specific UID/GID to these existing files through the File Gateway NFS file share.

When you run chown to change the default UID/GID, you can get an "Operation not permitted" error. This happens when the squash level on the NFS file share is set to root squash. By default, root squash is selected when you create the NFS file share. Let's look at the three squash levels and what they mean:

Root squash: Any root user/group (UID 0 and GID 0) on the NFS client is mapped to the default UID/GID on the file share. This is set to 65534, which is nobody and doesn't have any privileges.
No root squash: When no root squash is enabled, the root user/group (UID 0 and GID 0) on the NFS client gets root access privileges.
All squash: When all squash is enabled, all users on the NFS client are mapped to User ID (UID) and Group ID (GID) 65534.

You can get the current squash level of the file share through the CLI. First list the file shares on the gateway to get the file share ARN, then describe the share. The Squash field in the output shows the current level:
$ aws storagegateway list-file-shares --gateway-arn <gateway arn>
$ aws storagegateway describe-nfs-file-shares --file-share-arn-list <filesharearn>

In the Storage Gateway section of the AWS Management Console, you can check the squash level in Details under the file share from the File Shares side tab.

As my current squash level is set to Root squash (default), when I run chown as root with sudo to change ownership from nfsnobody:nfsnobody to ec2-user:ec2-user (UID/GID 1000:1000), I get chown: changing ownership of ‘file.txt’: Operation not permitted.

Resolution:
For the root user to run chown, change the squash level from root squash to no root squash (NoSquash), either with the following command or from the AWS Management Console.
CLI command:
$ aws storagegateway update-nfs-file-share --file-share-arn <fileshare arn> --squash NoSquash

AWS Management Console:
Under File Share settings, change to No root squash and select Save changes.

After the squash level is changed and saved, wait for the file share status to show Available. Once the file share status is Available, you can retry running the chown.

If you want, you can change the squash level back to root squash or all squash after completing the chown operation, using the same update-nfs-file-share command or the management console. Until you do, root on the NFS client keeps root access privileges on the file share.
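
The whole procedure above as one script, added here as an example and not part of the original post: it records the current squash level, switches to NoSquash, waits for the share to become Available, runs chown, and restores the recorded level even if chown fails. It assumes the AWS CLI is configured on the NFS client that mounts the share; the script name, ARN and path in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example: relax root squash only for the duration of a chown.
# Assumes the AWS CLI is configured on the NFS client that mounts the share.

# Print one field (Squash or FileShareStatus) of the share description.
share_field() {  # share_field <share-arn> <field>
  aws storagegateway describe-nfs-file-shares \
    --file-share-arn-list "$1" \
    --query "NFSFileShareInfoList[0].$2" --output text
}

# Change the squash level, then poll until the share is AVAILABLE again.
set_squash() {  # set_squash <share-arn> <RootSquash|NoSquash|AllSquash>
  aws storagegateway update-nfs-file-share \
    --file-share-arn "$1" --squash "$2" >/dev/null || return 1
  local tries=0
  until [ "$(share_field "$1" FileShareStatus)" = "AVAILABLE" ]; do
    tries=$((tries + 1))
    [ "$tries" -ge "${MAX_TRIES:-60}" ] && return 1   # default: about 5 minutes
    sleep "${POLL_SECONDS:-5}"
  done
}

# Run chown as root under NoSquash, then restore the previous squash level
# whether or not chown succeeded.
chown_with_nosquash() {  # chown_with_nosquash <share-arn> <owner> <path>...
  local arn="$1" owner="$2" original rc=0
  shift 2
  original=$(share_field "$arn" Squash) || return 1
  if [ "$original" != "NoSquash" ]; then
    # If the switch fails or times out, try to put the old level back.
    set_squash "$arn" NoSquash || { set_squash "$arn" "$original"; return 1; }
  fi
  sudo chown "$owner" "$@" || rc=$?
  if [ "$original" != "NoSquash" ]; then
    set_squash "$arn" "$original" || rc=1
  fi
  return "$rc"
}

# Example call (placeholder ARN and path):
#   ./chown-nosquash.sh <fileshare arn> 1000:1000 /mnt/share/file.txt
if [ "$#" -ge 3 ]; then
  chown_with_nosquash "$@"
fi
```

A non-zero exit status means either chown failed or the squash level could not be changed or restored, so check the share's squash level before relying on it.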
