Hi all, I have a central directory owned by user 'balloon' on my server. This can be nfs mounted onto serveral other computers, each with a user 'balloon'. However, the server UID for balloon is different from that of the clients. I'm reluctant to start changing things in /etc/passwd. Is there an elegant way to state the nfs mount with username permissions rather than number? Thanks, Jenny
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jenny Hopkins <hopkins.jenny@gmail.com> wrote:
Hi all,
I have a central directory owned by user 'balloon' on my server. This can be nfs mounted onto serveral other computers, each with a user 'balloon'. However, the server UID for balloon is different from that of the clients. I'm reluctant to start changing things in /etc/passwd. Is there an elegant way to state the nfs mount with username permissions rather than number?
Not that I know of, the only way I know is by using the nfs-user-server instead of nfs-kernel-server, and then using UID mapping. So, for example, I use the following for some machines at work... snippet from /etc/exports: /home/username usersmachineip(rw,map_daemon,map_static=/etc/nfs/username.map,root_squash) where /etc/nfs/username.map looks something like: uid 0-500 - uid 501 1001 gid 0-500 - gid 501 1001 the first column is the type of mapping (uid or gid), the second column is the client ids, and the third is what to map them to. Hope that helps, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCQrzEEh8oWxevnjQRAg29AJ0epl3my2egqS5MoNC8aNmw1J1MYACffJJt QJKVwGAlQXfE+nSwd8rGn8Q= =mu9O -----END PGP SIGNATURE-----
On Thu, 24 Mar 2005 13:12:36 +0000, Brett Parker <iDunno@sommitrealweird.co.uk> wrote:
Not that I know of, the only way I know is by using the nfs-user-server instead of nfs-kernel-server, and then using UID mapping. So, for example, I use the following for some machines at work...
snippet from /etc/exports: /home/username usersmachineip(rw,map_daemon,map_static=/etc/nfs/username.map,root_squash)
where /etc/nfs/username.map looks something like: uid 0-500 - uid 501 1001 gid 0-500 - gid 501 1001
the first column is the type of mapping (uid or gid), the second column is the client ids, and the third is what to map them to.
Hope that helps,
Indeed so. I'm already using nfs-user-server. This looks like the elegant solution I hoped for. I suppose the down side is that I need an entry in /etc/exports for every single client I want to connect? Even if the UID is the same for 'balloon' on all the clients? Many thanks, Jen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jenny Hopkins <hopkins.jenny@gmail.com> wrote:
Indeed so. I'm already using nfs-user-server. This looks like the elegant solution I hoped for. I suppose the down side is that I need an entry in /etc/exports for every single client I want to connect? Even if the UID is the same for 'balloon' on all the clients?
Course not, just the one export because you'll only want to use that one map :) The only reason that I'm only exporting to 1 client is that that client was an EVIL OS/X laptop ;) just use a normal export with the rules in it, and all should be well :) - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCQsCKEh8oWxevnjQRAtw8AJ9PCwiWjaGbSUWYmXMZ1waDkPPO/wCeOko+ lVkLuXMREmVd0GP/FCJb42Q= =qHbx -----END PGP SIGNATURE-----
On Thu, 24 Mar 2005 13:28:42 +0000, Brett Parker <iDunno@sommitrealweird.co.uk> wrote:
I suppose the down side is that I need an entry in /etc/exports for every single client I want to connect? Even if the UID is the same for 'balloon' on all the clients?
Course not, just the one export because you'll only want to use that one map :) The only reason that I'm only exporting to 1 client is that that client was an EVIL OS/X laptop ;) just use a normal export with the rules in it, and all should be well :)
Many thanks! Jenny
On Thu, 2005-03-24 at 12:46 +0000, Jenny Hopkins wrote:
Hi all,
I have a central directory owned by user 'balloon' on my server. This can be nfs mounted onto serveral other computers, each with a user 'balloon'. However, the server UID for balloon is different from that of the clients. I'm reluctant to start changing things in /etc/passwd. Is there an elegant way to state the nfs mount with username permissions rather than number?
Thanks, Jenny
How about making your central fileserver a NIS server? Then on your local machines run ypbind. You'll need to delete the local user entries from /etc/passwd on the client machines. This might help http://www.tldp.org/HOWTO/NIS-HOWTO Chris -- Chris ---------------------------------- E Mail: chris@glovercc.clara.co.uk SIP: 84411389@voiptalk.org IAXTEL: 17003366726
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Glover <chris@glovercc.clara.co.uk> wrote:
How about making your central fileserver a NIS server? Then on your local machines run ypbind. You'll need to delete the local user entries from /etc/passwd on the client machines.
This might help http://www.tldp.org/HOWTO/NIS-HOWTO
NIS is evil! NIS is out of date, and NIS breaks too often... hows about using LDAP instead (though, I've never got a working LDAP setup, but then I've never spent the time to do it.) In other news, the nfs-user-server and mapping works quite well, and Jenny seems to have got that all working now (from talking to her on IRC), so I'm sure she'll not worry about evil central user manglement just yet ;) Cheers, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCQvULEh8oWxevnjQRAoc5AJwNQQ8BNWI65oyIIfGUYrg76u7k8QCfawXR O8lZmP8lGtFU4KkDvopEAPQ= =PXd7 -----END PGP SIGNATURE-----
On Thursday 24 March 2005 17:12, Brett Parker wrote: LDAP is the way to go. You can set all sorts up in it, DNS,DHCP mail and others. It is fairly easy to set up. The time is in getting the structure correct.
Chris Glover <chris@glovercc.clara.co.uk> wrote:
How about making your central fileserver a NIS server? Then on your local machines run ypbind. You'll need to delete the local user entries from /etc/passwd on the client machines.
This might help http://www.tldp.org/HOWTO/NIS-HOWTO
NIS is evil! NIS is out of date, and NIS breaks too often... hows about using LDAP instead (though, I've never got a working LDAP setup, but then I've never spent the time to do it.)
In other news, the nfs-user-server and mapping works quite well, and Jenny seems to have got that all working now (from talking to her on IRC), so I'm sure she'll not worry about evil central user manglement just yet ;)
Cheers,
-- Regards Andy Trevor Technical Director Cutter Project Limited http://www.cutterproject.co.uk
little off topic but www.brainbench.com are offering free certifications till the end of the month in various subjects, and although alot of them are US centric a few more random qualifications can never hurt a CV. inc. Linux Administration (General) Linux Administration (Red Hat 9) Linux Administration (Red Hat) Linux Administration (SuSE) Linux Programming (General) Unix Administration (AIX) Unix Administration (General) Unix Administration (HP) Unix Administration (Solaris 8) Unix Administration (Solaris) Unix Korn Shell Scripting Unix Programming (General) Rick
participants (5)
-
Andy Trevor -
Brett Parker -
Chris Glover -
Jenny Hopkins -
Ricky Bruce