
Re: NFSv4+Kerberos shares and ownership (root:root)



Hi again,

On 08.06.2015 at 00:10, Jonas Meurer wrote:
> I'm trying to set up a new NFSv4 server with Kerberos as authentication.
> The shares are exported as expected and I'm able to mount them using
> krb5i authentication on the NFS clients.
> 
> My problem is ownership and permission management on the exported
> shares. I need the shares and their content to be owned by root:root and
> read-write access by root to the shares on the clients is required.

I found a solution to my problem in the meantime: by adding a static
mapping to idmapd and mapping the Kerberos client machine credentials to
the local root account on the server. The implementation is explained here:

https://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu/526820#526820

With this static mapping added, root on the client machine (who
identifies with client machine credentials at Kerberos) is mapped to
the local root user on the server. That way, it's possible to own files to
root:root on Kerberos-secured NFSv4 shares.

I'm still wondering whether there are better solutions without the need
for static mapping. A drawback of static mapping is that a new mapping
is needed for every NFS client machine that needs root access to the shares.

Cheers,
 jonas
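
Added example, not part of the original post: since each static entry gives one client machine principal root on the server, this lists which principals in an idmapd.conf are mapped to root and whether the static method is in the GSS mapping chain. The sample file, host names, realm, the `nfs/` principal form and the function name `audit_static_root` are assumptions made for illustration.

```python
import configparser

# Constructed sample /etc/idmapd.conf; hosts, realm and principals are placeholders.
SAMPLE_IDMAPD_CONF = """\
[General]
Domain = example.com

[Translation]
Method = nsswitch
GSS-Methods = static,nsswitch

[Static]
# client machine credentials mapped to local accounts on the server
nfs/client1.example.com@EXAMPLE.COM = root
nfs/client2.example.com@EXAMPLE.COM = root
alice@EXAMPLE.COM = alice
"""

def audit_static_root(conf_text, privileged=("root",)):
    """Return (static_enabled, principals): whether the static method is in the
    GSS mapping chain, and which [Static] principals map to a privileged user."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep principal and realm case as written
    cp.read_string(conf_text)

    # Option names are matched case-insensitively here; GSS-Methods falls
    # back to Method when it is not set.
    translation = {}
    if cp.has_section("Translation"):
        translation = {k.lower(): v for k, v in cp.items("Translation")}
    chain = translation.get("gss-methods") or translation.get("method", "")
    static_enabled = "static" in [m.strip().lower() for m in chain.split(",")]

    principals = []
    if cp.has_section("Static"):
        principals = sorted(p for p, local in cp.items("Static")
                            if local.strip() in privileged)
    return static_enabled, principals

if __name__ == "__main__":
    enabled, roots = audit_static_root(SAMPLE_IDMAPD_CONF)
    print("static method enabled:", enabled)
    for principal in roots:
        print("maps to root:", principal)
```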

