LinuxQuestions.org


muis87 03-31-2012 11:40 AM

NFS - files/directories created with local UID/GID
 
Hello,

Running Centos 5 server with this export:

/mnt/backupdata2 10.0.0.141(rw,insecure,anonuid=500,anongid=505)

The client side is an OSX machine, which can write to this share. But when a file is created, the UID and the GID on the NFS server are different (501 - 20).

On OSX 501 is my username, so I think it's set with the OSX UID/GID (501 is NOT a user on the Centos 5 server).

(So the share is accessed (and has the permissions) as 500,505 (given in the export), but files/dirs are created as 501-20.)


On another server with the same config (but Centos 4) it's working correctly; files/dirs are created with the given anonuid and anongid.

Who can help me?

WizadNoNext 03-31-2012 12:14 PM

NFS isn't accessed with a spoofed uid and gid, but with the real ones given out by the OS accessing NFS. This is the nature of NFS.

muis87 03-31-2012 12:18 PM

Quote:

Originally Posted by WizadNoNext (Post 4641523)
NFS isn't accessed with a spoofed uid and gid, but with the real ones given out by the OS accessing NFS. This is the nature of NFS.


Why is the same working on another server?

muis87 04-01-2012 05:43 AM

Here is the solution:

/mnt/backupdata2 10.0.0.141(rw,async,no_subtree_check,insecure,all_squash,anonuid=500,anongid=505)

I'm not concerned with security, as this is just a large media PC NFS. anonuid and anongid set the numeric group and user ID that exist on the server for all connected clients. all_squash means to completely ignore the client's uid and gid.
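
Added example, not part of the original posts: a small Python model of the squash rules documented in exports(5), run against the two export lines from this thread to show which owner the server records for the OSX client's 501:20. The function names `parse_export` and `server_owner` are hypothetical, and the model assumes AUTH_SYS, where the client supplies its own numeric UID/GID.

```python
import re

# Defaults per exports(5): root_squash on, all_squash off,
# anonymous account 65534 unless anonuid/anongid override it.
DEFAULTS = {"root_squash": True, "all_squash": False,
            "anonuid": 65534, "anongid": 65534}

def parse_export(line):
    """Parse one /etc/exports line into (path, {client: effective options})."""
    path, rest = line.split(None, 1)
    clients = {}
    for host, optstr in re.findall(r"(\S+?)\(([^)]*)\)", rest):
        opts = dict(DEFAULTS)
        for opt in (o.strip() for o in optstr.split(",") if o.strip()):
            key, _, val = opt.partition("=")
            if key in ("anonuid", "anongid"):
                opts[key] = int(val)
            elif key in ("root_squash", "all_squash"):
                opts[key] = True
            elif key in ("no_root_squash", "no_all_squash"):
                opts[key[3:]] = False
        clients[host] = opts
    return path, clients

def server_owner(opts, uid, gid):
    """Owner the server records for a request that claims uid:gid."""
    if opts["all_squash"]:
        # Every client identity is replaced by the anonymous account.
        return opts["anonuid"], opts["anongid"]
    if opts["root_squash"]:
        # Only ID 0 is remapped; any other client-supplied ID is trusted as-is.
        uid = opts["anonuid"] if uid == 0 else uid
        gid = opts["anongid"] if gid == 0 else gid
    return uid, gid

# The two export lines from this thread.
ORIGINAL = "/mnt/backupdata2 10.0.0.141(rw,insecure,anonuid=500,anongid=505)"
FIXED = ("/mnt/backupdata2 10.0.0.141(rw,async,no_subtree_check,insecure,"
         "all_squash,anonuid=500,anongid=505)")

if __name__ == "__main__":
    for label, line in (("original", ORIGINAL), ("fixed", FIXED)):
        _, clients = parse_export(line)
        opts = clients["10.0.0.141"]
        print(label, "osx user 501:20 ->", server_owner(opts, 501, 20),
              "| root 0:0 ->", server_owner(opts, 0, 0))
```

Without `all_squash`, `anonuid`/`anongid` only apply to requests arriving as ID 0, so any other UID the client claims is written to disk unchanged.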

SaintDanBert 04-02-2012 01:25 AM

In my experience, NFS runs in cooperation with NIS or Yellow-Pages (yp) services that keep users and groups in sync across a gaggle of network connected hosts. If you don't have yp, you need to spend some effort keeping your users and groups organized among all connected hosts. Larger sites use LDAP as a more modern replacement for NIS.

When host-A users access a drive that is physically connected to host-B, the host-A process user goes through a service on host-B that maps users and groups. For example, user=sam maps to user=dilbert. The file write then happens using dilbert's permissions, ownership, and so on.

See Linux NFS Howto.

I hope this helps,
~~~ 0;-Dan

