LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 06-02-2010, 05:41 AM   #1
sridhar.bodike
LQ Newbie
 
Registered: May 2010
Location: Hyderabad
Distribution: RHEL
Posts: 11

Rep: Reputation: 0
nfs doubt


how to give nfs share to only one particular user in that particular system.
that is for example if 192.168.0.5 has many users but i wanna make only one particular user to acces that share.
is it possible
if yes plz
 
Old 06-02-2010, 05:48 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
You can try and use user@<ip> in your case user@192.168.0.5
 
Old 06-02-2010, 07:43 AM   #3
alli_yas
Member
 
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92
Hi

You can't explicitly prevent ANY user from mounting the share.

What you can prevent is ANY user from being able to read/write to the share - to do this, you'll have to make the shared folder itself belong to the user you want to have access to it.

So in other words, if you have machine A, where the share is located; and machine B, from where it will be mounted/accessed; and you want only JoeSoap to be able to access the share - then the shared folder on machine A must belong to JoeSoap (that is, chown -R JoeSoap:JoeSoap /your/shared/folder).

Its a bit of a work around but it can work.
 
Old 06-02-2010, 08:50 AM   #4
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

It should be enough to specify a single client IP in the server's export options, then use filesystem permissions on the share to only allow a single UID access to the files. The security of that approach relies on:
a) Nobody being able to hijack the client's IP
b) Nobody being able to change UID on the client - i.e. your users don't have root access or access to each other's accounts, and if you're using a directory like LDAP for passwd info your users shouldn't be able to ldapmodify their UID.

If you're happy that those conditions are met, then you're good to go.

If you need better security, then you'll have to set up Kerberos and use that to authenticate the user.

Dave
 
Old 06-07-2010, 07:29 AM   #5
sridhar.bodike
LQ Newbie
 
Registered: May 2010
Location: Hyderabad
Distribution: RHEL
Posts: 11

Original Poster
Rep: Reputation: 0
in nfs server /etc/exports if i give the entry has /data 192.168.0.40/24(rw,no_root_squash)
now if a root user login to 192.168.0.40 and mount /data on /mnt
if a root user creates a files in /mnt then at server side that is in /data if i type ll
it is showing uid and gid are root and root its fine. But if other user in the system say sridhar creates the files in /mnt then on the server side the uid is showing as 500 which is sridhar,s uid and gid in the client.
now my question is i want in server side to reflect the name of user who is creating files in /data
what should i do.

Also if there are many users in 192.168.0.40 say ram tom sridhar etc. But i want to give access to nfs share only to user ram . then what entry should i write in /etc/exports file.

pls help me
 
Old 06-07-2010, 07:43 AM   #6
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
root is a common user that is present on all the Linux systems and its user id and group id remains same on all. And hence you can see that no matter from which system you create a file/folder as root it will have correct ownership because root user is present on both systems. If you want to centralize the user management, you should look for LDAP.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] NFS mount fails (times out): NFS server is in DMZ, NFS client is in intranet Hiroshi Linux - Networking 2 05-24-2010 11:22 AM
LXer: Run your NFS server in the user address space with NFS-GANESHA LXer Syndicated Linux News 0 11-27-2008 05:40 AM
plzz help ...........Doubt about NFS...??? shishirkotkar Linux - Software 4 06-20-2008 02:14 AM
NFS client = Linux, NFS server = Mac OS X Tiger --> Hell of a problem make Linux - Networking 9 03-10-2006 06:16 AM
NFS doubt ... wjleon Linux - Networking 3 11-28-2005 06:32 PM


All times are GMT -5. The time now is 04:13 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration