Question 80 of 537
Create and configure file systemshardMultiple ChoiceObjective-mapped

NFS Permission Denied: Re-export After /etc/exports Changes

This EX200 practice question tests your understanding of create and configure file systems. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

# cat /etc/exports
/export       *(rw,sync,no_subtree_check)
/export/shared 192.168.1.0/24(rw,sync,no_subtree_check)
/export/restricted 10.0.0.0/8(ro,sync,no_subtree_check)
# exportfs -v
/export        <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/export/shared 192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/export/restricted 10.0.0.0/8(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
# showmount -e localhost
Export list for localhost:
/export        *
/export/shared 192.168.1.0/24
/export/restricted 10.0.0.0/8

Refer to the exhibit. A client at 10.0.0.5 tries to mount /export/restricted but receives 'Permission denied'. What is the issue?

Exhibit

# cat /etc/exports
/export       *(rw,sync,no_subtree_check)
/export/shared 192.168.1.0/24(rw,sync,no_subtree_check)
/export/restricted 10.0.0.0/8(ro,sync,no_subtree_check)
# exportfs -v
/export        <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/export/shared 192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/export/restricted 10.0.0.0/8(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
# showmount -e localhost
Export list for localhost:
/export        *
/export/shared 192.168.1.0/24
/export/restricted 10.0.0.0/8

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The client's IP is in the allowed subnet but the export entry for /export/restricted is missing from /etc/exports after a change and not re-exported

The correct answer is A. According to the exhibit, the client's IP (10.0.0.5) is within the allowed subnet for /export/restricted. However, after a change to /etc/exports, the export entry was not re-exported using 'exportfs -a' or by restarting the NFS server. The NFS server uses the cached export list; without re-exporting, the new entry is not active, and the client receives a 'Permission denied' error when trying to mount. Option B is incorrect because the client's IP is in the allowed subnet as shown in the exhibit. Option C is incorrect because 'root_squash' affects file ownership, not mount permission. Option D is incorrect because 'ro' prevents writes but still allows mounts, and the error is about mount permission, not write permission.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The client's IP is in the allowed subnet but the export entry for /export/restricted is missing from /etc/exports after a change and not re-exported

    Why this is correct

    The client's IP 10.0.0.5 is within the allowed subnet 10.0.0.0/24, so the issue is not subnet mismatch. The correct reason is that the export entry for /export/restricted is missing from /etc/exports after a change and the NFS server has not been re-exported with `exportfs -ra`.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The client IP 10.0.0.5 is not in the allowed subnet 192.168.1.0/24

    Why it's wrong here

    The client IP 10.0.0.5 is actually within the allowed subnet (10.0.0.0/24) shown in the exhibit, not 192.168.1.0/24. Therefore, this is not the cause of the error.

  • The export uses root_squash which maps root to nobody, causing permission issues

    Why it's wrong here

    root_squash does not cause 'Permission denied' during mount; it affects access after mounting by mapping root to nobody. The error occurs at mount time, so this is not the issue.

  • The export /export/restricted has ro (read-only) and the client might be trying to write

    Why it's wrong here

    The export /export/restricted having ro (read-only) would cause write operations to fail after mount, not a 'Permission denied' error during the mount attempt itself.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Candidates often forget that after editing /etc/exports, the NFS server must re-export the file systems using 'exportfs -a' or by restarting the NFS service. Without this step, the changes are not applied and clients may receive 'Permission denied' even if their IP is in the allowed subnet.

Trap categories for this question

  • Command / output trap

    The client IP 10.0.0.5 is actually within the allowed subnet (10.0.0.0/24) shown in the exhibit, not 192.168.1.0/24. Therefore, this is not the cause of the error.

Detailed technical explanation

How to think about this question

The NFS server uses /etc/exports to define export policies, and changes require `exportfs -ra` to update the kernel's export table (stored in /var/lib/nfs/etab). The 'Permission denied' error occurs at the RPC layer when the client's IP is not matched to any export entry for the requested path, even if the subnet is allowed for other exports. This is distinct from file-level permission errors (e.g., EACCES) which occur after a successful mount.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A network engineer segments a warehouse floor into three subnets: 20 scanners, 5 printers, and 2 management hosts. Picking the wrong mask wastes addresses or leaves too few usable hosts. Exam questions test whether you can apply CIDR notation, calculate block size, and identify the correct usable-host range for a given prefix.

Visual reference

192.168.1.0 /24 256 addresses (254 usable) 192.168.1.0 /25 Subnet A 128 addr (126 usable) 192.168.1.128 /25 Subnet B 128 addr (126 usable) Borrowing 1 bit from host portion creates 2 subnets (/25)

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related EX200 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free EX200 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this EX200 question test?

Create and configure file systems — This question tests Create and configure file systems — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The client's IP is in the allowed subnet but the export entry for /export/restricted is missing from /etc/exports after a change and not re-exported — The correct answer is A. According to the exhibit, the client's IP (10.0.0.5) is within the allowed subnet for /export/restricted. However, after a change to /etc/exports, the export entry was not re-exported using 'exportfs -a' or by restarting the NFS server. The NFS server uses the cached export list; without re-exporting, the new entry is not active, and the client receives a 'Permission denied' error when trying to mount. Option B is incorrect because the client's IP is in the allowed subnet as shown in the exhibit. Option C is incorrect because 'root_squash' affects file ownership, not mount permission. Option D is incorrect because 'ro' prevents writes but still allows mounts, and the error is about mount permission, not write permission.

What should I do if I get this EX200 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More EX200 practice questions

Last reviewed: Jul 4, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This EX200 practice question is part of Courseiva's free Red Hat certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the EX200 exam.