
Re: NFS permissions question



On Tue, Nov 16, 2004 at 02:01:02PM -0500, Christian Convey wrote:
> My understanding of NFS permissions is that for any file appearing on 
> an NFS share, the username/uid and groupname/gid mappings should 
> (ideally) be identical on both the NFS client and the NFS server.
> 
> So consider my home situation: I'm running two computers, each with 
> local security files.
> 
> I have four users: "alvin", "benny", "charles", and "david".
> I have several groups: "users" and "chefs" and "busboys".
> 
> I want to define an NFS share that "alvin" and "benny" can use. My 
> *expectation* at the time I'm setting this up is that any files 
> appearing on those shares will have a group-owner of "chefs".
> 
> So I go through, and ensure that "alvin" and "benny" each have the same 
> uid on both computers. I go through and ensure that "chefs" has the 
> same gid on both computers.
> 
> Is there a good way for me to ensure that alvin doesn't create, on the 
> shares, a file owned by the busboys group?
> 


  I believe that the only way for alvin to create those files is by
pretending he has the busboys permission. If there is no way he can have
those permissions without NFS on any of the machines then he shouldn't
be able to create those files while NFS is running. Or so I think.
  As far as I know, permissions are a weak point for NFS.


> (The reason I don't want this to happen is that I've taken no steps to 
> ensure that both computers have the same groupid for the "busboys" 
> group. I don't want the resulting permissions confusion to ensue.)
> 


  As far as I know, this is not recommended. Since permissions are a weak
point of NFS, the recommended way to go is to have exactly the same id/gid
on any participating machine.
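
Added example, not part of the original message: one way to check the advice above is to compare the name-to-number maps of both machines, since NFS with traditional AUTH_SYS authentication passes numeric uids/gids and each side resolves the names locally. The function names, the gid numbers and the "waiters" group are constructed for illustration; in practice the input would be the contents of /etc/group (or /etc/passwd) from the server and the client.

```python
"""Compare passwd(5)/group(5) id maps from an NFS server and client (added example)."""

# Constructed sample data: 'chefs' matches on both hosts, 'busboys' does not,
# and the client reuses the server's busboys gid for an unrelated group.
SERVER_GROUP = "users:x:100:\nchefs:x:1001:alvin,benny\nbusboys:x:1002:charles\n"
CLIENT_GROUP = ("users:x:100:\nchefs:x:1001:alvin,benny\n"
                "busboys:x:1003:david\nwaiters:x:1002:\n")


def parse_ids(text):
    """Parse passwd or group file text into {name: numeric id} (third field)."""
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries ("+..." / "-...").
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry: skip rather than guess
        ids[fields[0]] = int(fields[2])
    return ids


def compare(server, client):
    """Return findings for names and ids that do not line up across hosts."""
    findings = []
    # Same name, different number: ownership shows up under the wrong id.
    for name in sorted(server.keys() & client.keys()):
        if server[name] != client[name]:
            findings.append(("id-mismatch", name, server[name], client[name]))
    # Same number, different name: the client's group gets the server
    # group's access, because only the number is compared.
    by_id = {num: name for name, num in server.items()}
    for name, num in sorted(client.items()):
        other = by_id.get(num)
        if other is not None and other != name:
            findings.append(("id-collision", num, other, name))
    # Names known to one host only.
    for name in sorted(server.keys() ^ client.keys()):
        findings.append(("one-side-only", name, server.get(name), client.get(name)))
    return findings


if __name__ == "__main__":
    for finding in compare(parse_ids(SERVER_GROUP), parse_ids(CLIENT_GROUP)):
        print(finding)
```

An empty result for both the passwd and the group files means every shared name resolves to the same number on both machines.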


