NFSv4 with Kerberos: strange user mapping/permissions

To: debian-kernel@lists.debian.org
Subject: NFSv4 with Kerberos: strange user mapping/permissions
From: Christian Schneider <chschneider@nurfuerspam.de>
Date: Sat, 17 Apr 2010 00:17:09 +0200
Message-id: <201004170017.09093.chschneider@nurfuerspam.de>

Hi,

I just setup an NFSv4 server with Kerberos. Let us assume that there are 
two users "foo" and "bar" (with same UIDs/GIDs on client and server). 
Their home directories with permissions set to "700" are exported to a 
client.

Is the following the inteded behaviour of mapping IDs/permissions?:

  0. start nfs-common and mount the /home directories from the server
     => "foo" cannot access the mounted directories ("foo" does not have
     any tickets yet)

  1. "foo" gets a ticket as principal "foo" => he can access /home/foo,
     but not /home/bar

  2. "foo" destroys the ticket and gets a ticket as principal "bar" =>
     he can still access /home/foo, but *not* /home/bar

  3. umounting /home, restarting nfs-common, mounting /home again =>
     "foo" can access /home/bar, but not /home/foo

Is this the intended behaviour? (Or am I missing anything?)

Thanks in advance.

Cheers,
Christian

Reply to:

Prev by Date: Re: nfs-kernel-server, 2.6.32 and lenny
Next by Date: Processed: .
Previous by thread: Re: nfs-kernel-server, 2.6.32 and lenny
Next by thread: Processed: .
Index(es):
- Date
- Thread