LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   using same NFS and SSH permission (https://www.linuxquestions.org/questions/linux-general-1/using-same-nfs-and-ssh-permission-773800/)

mr_aliagha 12-06-2009 09:55 AM
using same NFS and SSH permission
 
Hi everybody.
I am using ssh for connecting remotely to server in our enterprise network, i want to give permission to nfs for some specific computers(some console) in our enterprise LAN, the problem is i want to users login to these computers as their ssh account and have same permission as ssh account on nfs. for example, assume user "ali" has a read/write permission on /home/ali and just read permission on other folders in /home . i want to user connect as "ali" on console computers and have same permission as ssh over nfs (except root user)
how can i do that?!

estabroo 12-06-2009 10:04 AM
instead of nfs you could look at some kind of automated sshfs, don't know if anyone has made automounter stuff for it, but sshfs would give you the permissions you want and keep other local people from accessing sshfs mounted stuff.

mr_aliagha 12-06-2009 11:15 AM
interesting idea, but actually there is no need for use secure channel in these computer since they are physically secured and also users want to copy and paste huge files to/from server on these computers (files with size of more than 2-3 gigabyte) so using ssh for them is overhead...

estabroo 12-07-2009 08:13 AM
It really isn't much overhead, I use it all the time with multigigabyte files and it saturates my 100mb ethernet during transfer.

If you are having them log into a remote computer that has nfs mounts, then all you'd need to do is have the uid/gid of the account they are sshing in as match what they are allowed to access on the nfs server.

So user ali on the nfs server has a uid of 1001, just make sure the account ali ssh's into on that computer that can nfs has a uid of 1001

nfs does all its user security based on uid/gid.

mr_aliagha 12-07-2009 04:10 PM
Is there any automatic way for matching uid or gid?!! or it should be checked manually?!!

estabroo 12-07-2009 04:50 PM
All depends on how you create your accounts, you could make an automated way, and if your using something like ldap or nis then it should match already, if you are using local accounts then I'd manual check just to verify

mr_aliagha 12-08-2009 10:31 AM
Ahan, Thanks a lot, it seems that sshfs is easier solution , anyway i will try sshfs and if i find it slow i'll return to nfs + ssh ;)


All times are GMT -5. The time now is 04:12 PM.