Hi all,
I have a central directory owned by user 'balloon' on my server. This can be nfs mounted onto serveral other computers, each with a user 'balloon'. However, the server UID for balloon is different from that of the clients. I'm reluctant to start changing things in /etc/passwd. Is there an elegant way to state the nfs mount with username permissions rather than number?
Thanks, Jenny
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jenny Hopkins hopkins.jenny@gmail.com wrote:
Hi all,
I have a central directory owned by user 'balloon' on my server. This can be nfs mounted onto serveral other computers, each with a user 'balloon'. However, the server UID for balloon is different from that of the clients. I'm reluctant to start changing things in /etc/passwd. Is there an elegant way to state the nfs mount with username permissions rather than number?
Not that I know of, the only way I know is by using the nfs-user-server instead of nfs-kernel-server, and then using UID mapping. So, for example, I use the following for some machines at work...
snippet from /etc/exports: /home/username usersmachineip(rw,map_daemon,map_static=/etc/nfs/username.map,root_squash)
where /etc/nfs/username.map looks something like: uid 0-500 - uid 501 1001 gid 0-500 - gid 501 1001
the first column is the type of mapping (uid or gid), the second column is the client ids, and the third is what to map them to.
Hope that helps, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk
On Thu, 24 Mar 2005 13:12:36 +0000, Brett Parker iDunno@sommitrealweird.co.uk wrote:
Not that I know of, the only way I know is by using the nfs-user-server instead of nfs-kernel-server, and then using UID mapping. So, for example, I use the following for some machines at work...
snippet from /etc/exports: /home/username usersmachineip(rw,map_daemon,map_static=/etc/nfs/username.map,root_squash)
where /etc/nfs/username.map looks something like: uid 0-500 - uid 501 1001 gid 0-500 - gid 501 1001
the first column is the type of mapping (uid or gid), the second column is the client ids, and the third is what to map them to.
Hope that helps,
Indeed so. I'm already using nfs-user-server. This looks like the elegant solution I hoped for. I suppose the down side is that I need an entry in /etc/exports for every single client I want to connect? Even if the UID is the same for 'balloon' on all the clients? Many thanks, Jen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jenny Hopkins hopkins.jenny@gmail.com wrote:
Indeed so. I'm already using nfs-user-server. This looks like the elegant solution I hoped for. I suppose the down side is that I need an entry in /etc/exports for every single client I want to connect? Even if the UID is the same for 'balloon' on all the clients?
Course not, just the one export because you'll only want to use that one map :) The only reason that I'm only exporting to 1 client is that that client was an EVIL OS/X laptop ;) just use a normal export with the rules in it, and all should be well :) - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk
On Thu, 24 Mar 2005 13:28:42 +0000, Brett Parker iDunno@sommitrealweird.co.uk wrote:
I suppose the down side is that I need an entry in /etc/exports for every single client I want to connect? Even if the UID is the same for 'balloon' on all the clients?
Course not, just the one export because you'll only want to use that one map :) The only reason that I'm only exporting to 1 client is that that client was an EVIL OS/X laptop ;) just use a normal export with the rules in it, and all should be well :)
Many thanks!
Jenny
On Thu, 2005-03-24 at 12:46 +0000, Jenny Hopkins wrote:
Hi all,
I have a central directory owned by user 'balloon' on my server. This can be nfs mounted onto serveral other computers, each with a user 'balloon'. However, the server UID for balloon is different from that of the clients. I'm reluctant to start changing things in /etc/passwd. Is there an elegant way to state the nfs mount with username permissions rather than number?
Thanks, Jenny
How about making your central fileserver a NIS server? Then on your local machines run ypbind. You'll need to delete the local user entries from /etc/passwd on the client machines.
This might help http://www.tldp.org/HOWTO/NIS-HOWTO
Chris
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Chris Glover chris@glovercc.clara.co.uk wrote:
How about making your central fileserver a NIS server? Then on your local machines run ypbind. You'll need to delete the local user entries from /etc/passwd on the client machines.
This might help http://www.tldp.org/HOWTO/NIS-HOWTO
NIS is evil! NIS is out of date, and NIS breaks too often... hows about using LDAP instead (though, I've never got a working LDAP setup, but then I've never spent the time to do it.)
In other news, the nfs-user-server and mapping works quite well, and Jenny seems to have got that all working now (from talking to her on IRC), so I'm sure she'll not worry about evil central user manglement just yet ;)
Cheers, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk
On Thursday 24 March 2005 17:12, Brett Parker wrote: LDAP is the way to go. You can set all sorts up in it, DNS,DHCP mail and others. It is fairly easy to set up. The time is in getting the structure correct.
Chris Glover chris@glovercc.clara.co.uk wrote:
How about making your central fileserver a NIS server? Then on your local machines run ypbind. You'll need to delete the local user entries from /etc/passwd on the client machines.
This might help http://www.tldp.org/HOWTO/NIS-HOWTO
NIS is evil! NIS is out of date, and NIS breaks too often... hows about using LDAP instead (though, I've never got a working LDAP setup, but then I've never spent the time to do it.)
In other news, the nfs-user-server and mapping works quite well, and Jenny seems to have got that all working now (from talking to her on IRC), so I'm sure she'll not worry about evil central user manglement just yet ;)
Cheers,
little off topic but www.brainbench.com are offering free certifications till the end of the month in various subjects, and although alot of them are US centric a few more random qualifications can never hurt a CV.
inc.
Linux Administration (General) Linux Administration (Red Hat 9) Linux Administration (Red Hat) Linux Administration (SuSE) Linux Programming (General) Unix Administration (AIX) Unix Administration (General) Unix Administration (HP) Unix Administration (Solaris 8) Unix Administration (Solaris) Unix Korn Shell Scripting Unix Programming (General)
Rick
-
Andy Trevor -
Brett Parker -
Chris Glover -
Jenny Hopkins -
Ricky Bruce