Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to setup NFS but I do not want everyone to access all the folders on the server. For instance, only some should be able to access the MIS folder, others the R&D folder. With Netware, I just create groups and assign folder rights to the group. How do I accomplish the same thing with NFS?
I understand file permissions, but how does this apply to the server side? In Netware, the users ID is passed to the server at login. How does the Linux server know who is trying to access the folder?
NFS assumes that the UID of the user accessing the file on the client is the UID. So, if I'm a user on both systems and I have UID 500 on both the server and the client, everything is fine. But if I have differing UIDs, problems can occur.
So I need to create a user on the server wih the same name as the user on the client? If the UID is different, I assume that needs to be changed. Does not sound like a very efficent way to run a server.
If i have three people starting the same day, their UIDs on their client will not match the UIDs on the server.
I agree with your frustration and I feel it too. More than that, NFS can be a security risk. An evil adminstrator with root privileges on a client that mounts your NFS shares can assume any UID on the client and create or modify files as that UID on the server. So, there are plenty things to think about above and beyond file and directory permissions.
I don't know what all your requirements are here, but I wonder if SAMBA is a better option for you? I have also done some experimenting with "shfs" (http://shfs.sourceforge.net/) -- though I don't really have enough experience with it yet to make informed comments or recommendations. I'd love to hear them if someone out there has some.
You generally want to have centralized authentication (e.g., NIS) if you have centralized file serving.
dcostakos is correct about the dangers poised by an evil user who gets local root privileges. One possible approach is to export your sensitive directories only to specific clients.
Honestly, my only requirment is to increase my skill set. I am trying to learn how this stuff works to make me more marketable. I suppose SAMBA is the way to go as i doubt there are many Linux only companies out there.
I tried to look into NIS but couldn't find anyhting at my level. "NIS for Dummies" would be nice. "NIS for the complete idiot" would be better.
Last edited by Min Donner; 08-20-2004 at 02:45 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Limit folder access in NFS
