Gentoo Forums
nfs root_squash
alex.blackbit
Advocate
Joined: 26 Jul 2005
Posts: 2397

Posted: Thu Mar 08, 2012 10:39 am    Post subject: nfs root_squash

Hi,

I export a single directory over nfs on machine a that is mounted as rootfs on machine b.
Machine b wants to do some chown calls and the like.
The directory that is exported is in /home/foouser and therefore the exported files are owned by foouser.
To make this work I tried the following line in /etc/exports:
Code:
/home/foouser/abcd 192.168.233.0/255.255.255.0(rw,async,root_squash,no_subtree_check,anonuid=1000,anongid=1000)

where 1000 is the uid and gid of user foouser.
When the filesystem is mounted, the existing files are owned by 1000:1000.
The problem is as follows:
Code:
# id
uid=0(root) gid=0(root) groups=0(root)
# touch x
# ls -l x
-rw-r--r--    1 1000     1000             0 x
# chown root:root x
chown: x: Operation not permitted
#

Shouldn't this work?
Any hints welcome.
Thanks in advance.

EDIT:
It's not an option to use no_root_squashing.
That would make chown work but has the implication that there are files owned by root in the home directory of foouser.
This is not acceptable; all files must be owned by foouser on the nfs server.
What I am searching for is a mapping of root on machine b to foouser on machine a.

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 46296
Location: 56N 3W

Posted: Thu Mar 08, 2012 8:09 pm

alex.blackbit,

This fails as root is not an anonuid. It's user ID 0 on both boxes, so root_squash applies and root is mapped to nobody.
nobody has no disk access at all; it fails. The idea is to prevent root users on boxes mounting the exported fs from being root on the exporting box.

Any userID that does not exist on the exporting box will be mapped to anonuid, so <random_user> will be able to do what you want but not root.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

alex.blackbit
Advocate
Joined: 26 Jul 2005
Posts: 2397

Posted: Fri Mar 09, 2012 9:14 am

NeddySeagoon,

Thanks for your answer.
Your explanation was very detailed, I got the point.
Are you aware of any solution for my scenario?
On the nfs client it should be possible to have files which are owned by root (uid 0).
These files should be owned by a given other uid on the nfs server.

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 46296
Location: 56N 3W

Posted: Fri Mar 09, 2012 7:51 pm

alex.blackbit

The problem is that the nfs client does not own its own filesystem. If userIDs (names don't matter) on both systems match, both systems assume the files belong to the same user.
If great care is not taken to maintain the userID to username mapping on both systems, odd results happen. Like user foo appearing to own user bar's files if they swap systems.

I can't think of a clean solution. You could give root a different userID on the client. This will break all those applications that have userID 0 hard coded as root.
You could make a new rootish user on the client with the accesses you need but they would not be able to do userID 0 tasks to the client filesystem as they would also be userID 0 on the host.
That means we come back to no_root_squash.

That's a long-winded way of saying 'No'.

--- edit ---

Well, you can ssh into the host, sudo su - and tinker with the client fs that way.
_________________
Regards,

NeddySeagoon

alex.blackbit
Advocate
Joined: 26 Jul 2005
Posts: 2397

Posted: Sat Mar 10, 2012 8:38 am

Thanks a lot for your time.
The problem is not solved, but the situation is _very_ clear now.
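
The squash mapping that exports(5) defines, applied to the export line from the first post; with anonuid=1000 it reproduces the 1000:1000 ownership shown in that post's ls -l output. This is an added example, not code from the thread; the function names are illustrative, and the owner-change check assumes a file the caller already owns.

```python
import re

NOBODY = 65534  # default anonymous uid/gid when anonuid/anongid are not set

# Export line copied from the first post.
EXPORT_LINE = ("/home/foouser/abcd 192.168.233.0/255.255.255.0"
               "(rw,async,root_squash,no_subtree_check,anonuid=1000,anongid=1000)")

def parse_export(line):
    """Split one /etc/exports line into (path, [(client, options), ...])."""
    path, *specs = line.split()
    clients = []
    for spec in specs:
        host, optstr = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec).groups()
        opts = {}
        for item in filter(None, (optstr or "").split(",")):
            key, _, val = item.partition("=")
            opts[key] = val or True
        clients.append((host, opts))
    return path, clients

def server_ids(opts, uid, gid):
    """(uid, gid) the server applies to a request sent as client uid/gid."""
    anon_uid = int(opts.get("anonuid", NOBODY))
    anon_gid = int(opts.get("anongid", NOBODY))
    if "all_squash" in opts:                     # every client id is squashed
        return anon_uid, anon_gid
    if "no_root_squash" in opts:                 # ids pass through unchanged
        return uid, gid
    # root_squash is the default: only id 0 is replaced by the anonymous id
    return (anon_uid if uid == 0 else uid, anon_gid if gid == 0 else gid)

def owner_change_allowed(opts, uid, gid, new_owner):
    """Giving a file to another uid needs uid 0 on the server after squashing."""
    eff_uid, _ = server_ids(opts, uid, gid)
    return eff_uid == 0 or eff_uid == new_owner

if __name__ == "__main__":
    path, clients = parse_export(EXPORT_LINE)
    for host, opts in clients:
        print(path, host, "client root ->", server_ids(opts, 0, 0))
        print("  chown root:root permitted:", owner_change_allowed(opts, 0, 0, 0))
```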
All times are GMT