[SGVLUG] NFS question

Emerson, Tom Tom.Emerson at wbconsultant.com
Tue May 2 14:44:10 PDT 2006


> -----Original Message----- Of Claude Felizardo
> 
> After self administering my own Linux box for nearly a year, 
> I finally got my machine added to the list of hosts which may 
> mount from the Solaris NFS server for my project.  [...]
> However I've run into the problem that my userid on Linux and 
> Solaris don't match.[...]
> really don't want to have to change the userid on my Linux box 
> [...is anyone...]
> aware of any program that will allow me to remap userid's?
 
>From the server, in the "/etc/exports" file, you can tell it to remap
the incoming connection.  In particular, you set the "anonymous"
user/group ID and include the option "all_squash" to force the use of
the anon user ID.  Unfortunately, this method requires that you have
access to the server machine [and if it took you this long to get access
in the first place, consider how long it will take for them to set the
user ID info properly, if they can do it at all...]

>From the man page:
# man exports
...
       Here's the complete list of mapping options:

       root_squash
              Map  requests  from  uid/gid  0  to  the  anonymous
              uid/gid. Note that this does not apply to any other
              uids that might be equally sensitive, such as  user
              bin.

       no_root_squash
              Turn off root squashing. This option is mainly use-
              ful for diskless clients.

       all_squash
              Map all uids and gids to the anonymous user. Useful
              for NFS-exported public FTP directories, news spool
              directories,   etc.   The   opposite   option    is
              no_all_squash, which is the default setting.

       anonuid and anongid
              These options explicitly set the uid and gid of the
              anonymous account.  This option is primarily useful
              for  PC/NFS  clients,  where  you  might  want  all
              requests appear to be from one user. As an example,
              consider  the  export  entry  for  /home/joe in the
              example section below, which maps all  requests  to
              uid 150 (which is supposedly that of user joe).


EXAMPLE
       # sample /etc/exports file
       /               master(rw) trusty(rw,no_root_squash)
       /projects       proj*.local.domain(rw)
       /usr            *.local.domain(ro) @trusted(rw)
       /home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
       /pub            (ro,insecure,all_squash)
-------------------

> there's a guy ... has a windoze box ... uses ... NFS Maestro 
> ... apparently lets him enter his UNIX 
> username/password to access his Solaris home directory. 

Consider, for the moment, the fact that the "windows" box doesn't
necessarilly have the same notion of "user ID's" as a unix/linux server,
so the NFS client has to get that info the the server somehow.  I'm
curious, however, as to how security is treated (i.e., can the guy claim
to be "root"?)  Now that I think about it, using "sfu" [microsoft's
"services for unix"] to mount NFS shares on my windows system, I have to
provide my mapping of "local user" to "remote user" using a
configuration utility -- just checking, I see it can use NIS as a source
of "unix" account information.

I thought that in the fstab/mount options you could specify "connect as
user...", but a quick review of man mount (or nfs) does not reveal a
mount option for this.


More information about the SGVLUG mailing list