Re: NFS permissions question
Christian Convey wrote:
My understanding of NFS permissions is that for any file appearing on an
NFS share, the username/uid and groupname/gid mappings should (ideally)
be identical on both the NFS client and the NFS server.
So consider my home situation: I'm running two computers, each with
local security files.
I have four users: "alvin", "benny", "charles", and "david".
I have several groups: "users" and "chefs" and "busboys".
I want to define an NFS share that "alvin" and "benny" can use. My
*expectation* at the time I'm setting this up is that any files
appearing on those shares will have a group-owner of "chefs".
So I go through, and ensure that "alvin" and "benny" each have the same
uid on both computers. I go through and ensure that "chefs" has the same
gid on both computers.
Is there a good way for me to ensure that alvin doesn't create, on the
shares, a file owned by the busboys group?
I probably completely misunderstand what you want, but wouldn't making
the shares owned by group "chefs", and setting the setgid bit on the
director fix it? (that would probably have to be don on the NFS server)
$ mkdir audio
$ chown joostje:audio audio
$ chmod g+s audio
$ chmod g+w audio
$ cd audio/
$ touch file
$ su otheruser
$ touch otherfile
$ ls -al
drwxr-sr-x 2 joostje audio 4096 2004-11-18 22:58 .
drwxr-xr-x 7 joostje joostje 4096 2004-11-18 22:58 ..
-rw-r--r-- 1 joostje audio 0 2004-11-18 22:58 file
-rw-r--r-- 1 otheruser audio 0 2004-11-18 22:59 otherfile
i.e. both users "joostje" and "otheruser" can write to the dir audio,
and all files are owned by group "audio".