LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 10-08-2009, 01:09 AM   #1
SirSefu
LQ Newbie
 
Registered: May 2007
Posts: 9

Rep: Reputation: 0
NFS export - giving a computer access to root-owned files?


Yes, I know this is not a good practice, and this is only a short-term solution.

I have a server with a web-file-server daemon running internally as root, so the permissions for all files it transfers/creates have a uid/gid of 0:0.

This is fine for the daemon, but I would like to manage those files from another workstation - actually a few workstations on a very limited LAN subnet - through NFS. How would it be possible to have users from a certain subnet mount NFS with root read/write abilities?

I have seen the anonuid/anongid options (for the /etc/exports file), but I'm not so sure this is the right way to go.
 
Old 10-08-2009, 02:58 AM   #2
madmadmod
Member
 
Registered: Sep 2009
Distribution: Fedora, Red Hat
Posts: 52

Rep: Reputation: 18
Hi

I think what you want to do is something like:

/etc/exports (Webserver)
Code:
/myapplication     x.x.x.x(rw,no_root_squash)
And if you want to give the usrs on the other server the permissions to mount that filesystem, I would use sudo.
 
Old 10-08-2009, 04:36 AM   #3
SirSefu
LQ Newbie
 
Registered: May 2007
Posts: 9

Original Poster
Rep: Reputation: 0
Hello,

Thanks for your reply - what you're showing is a rather normal NFS export, but I'd rather that the client machines mount directories without having to sudo - only I know the password.
 
Old 10-08-2009, 09:08 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
root_squash or no_root_squash, the files are still owned by root.
I think what you need (if you don't want the clients to use sudo to become root) is to open up the 'other'/3rd set of file perms eg

rw-rw----

becomes

rw-rw-rw-
 
Old 10-09-2009, 02:21 AM   #5
madmadmod
Member
 
Registered: Sep 2009
Distribution: Fedora, Red Hat
Posts: 52

Rep: Reputation: 18
ok, i think i still dont understand what you want to do ;-)

I understand now the following:

- user should be able to mount the nfs exports without sudo or switching to root first. --> can be done with autofs

- files owned by root on the remote server should be readable and writable by "normal" users from via the mounted filesystem? --> hmm... you could use samba and then use the "force user = root" option.

Quote:
force user (S)
This specifies a UNIX user name that will be assigned as the default user for all users connecting to this
service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause
security problems.

This user name only gets used once a connection is established. Thus clients still need to connect as a valid
user and supply a valid password. Once connected, all file operations will be performed as the "forced user",
no matter what username the client connected as. This can be very useful.

In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the
primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the
connecting user (this was a bug).
 
Old 11-07-2009, 10:24 AM   #6
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231Reputation: 231Reputation: 231
Warning: I don't use NFS, so I don't know what complications it might add to the following suggestion:

Change the group ownership of the files, & add the authorized uses to the new ownership group.
 
  


Reply

Tags
export, mount, nfs, permissions, root


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Editing files owned by root SiW Programming 5 07-31-2007 02:36 PM
assign user to access root owned files eyt Linux - General 1 07-27-2007 04:28 PM
user access to files owned by root jonfa Linux - General 2 07-09-2007 12:58 PM
all users have access to root owned files sakatola Linux - Security 2 07-22-2005 01:45 AM
vfat mount - all files are 'root' owned, but even root can't -WX d33pdream Linux - General 5 02-28-2003 03:38 AM


All times are GMT -5. The time now is 03:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration