[SGVLUG] NFS question
Claude Felizardo
cafelizardo at gmail.com
Tue May 2 15:11:48 PDT 2006
Rat's didn't notice Tom's reply until now...
On 5/2/06, Emerson, Tom <Tom.Emerson at wbconsultant.com> wrote:
> > -----Original Message----- Of Claude Felizardo
> >
> > After self administering my own Linux box for nearly a year,
> > I finally got my machine added to the list of hosts which may
> > mount from the Solaris NFS server for my project. [...]
> > However I've run into the problem that my userid on Linux and
> > Solaris don't match.[...]
> > really don't want to have to change the userid on my Linux box
> > [...is anyone...]
> > aware of any program that will allow me to remap userid's?
>
> >From the server, in the "/etc/exports" file, you can tell it to remap
> the incoming connection. In particular, you set the "anonymous"
> user/group ID and include the option "all_squash" to force the use of
> the anon user ID. Unfortunately, this method requires that you have
> access to the server machine [and if it took you this long to get access
> in the first place, consider how long it will take for them to set the
> user ID info properly, if they can do it at all...]
>
> >From the man page:
> # man exports
> ...
> Here's the complete list of mapping options:
>
> root_squash
> Map requests from uid/gid 0 to the anonymous
> uid/gid. Note that this does not apply to any other
> uids that might be equally sensitive, such as user
> bin.
>
> no_root_squash
> Turn off root squashing. This option is mainly use-
> ful for diskless clients.
>
> all_squash
> Map all uids and gids to the anonymous user. Useful
> for NFS-exported public FTP directories, news spool
> directories, etc. The opposite option is
> no_all_squash, which is the default setting.
>
> anonuid and anongid
> These options explicitly set the uid and gid of the
> anonymous account. This option is primarily useful
> for PC/NFS clients, where you might want all
> requests appear to be from one user. As an example,
> consider the export entry for /home/joe in the
> example section below, which maps all requests to
> uid 150 (which is supposedly that of user joe).
>
>
> EXAMPLE
> # sample /etc/exports file
> / master(rw) trusty(rw,no_root_squash)
> /projects proj*.local.domain(rw)
> /usr *.local.domain(ro) @trusted(rw)
> /home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
> /pub (ro,insecure,all_squash)
> -------------------
>
> > there's a guy ... has a windoze box ... uses ... NFS Maestro
> > ... apparently lets him enter his UNIX
> > username/password to access his Solaris home directory.
>
> Consider, for the moment, the fact that the "windows" box doesn't
> necessarilly have the same notion of "user ID's" as a unix/linux server,
> so the NFS client has to get that info the the server somehow. I'm
> curious, however, as to how security is treated (i.e., can the guy claim
> to be "root"?) Now that I think about it, using "sfu" [microsoft's
> "services for unix"] to mount NFS shares on my windows system, I have to
> provide my mapping of "local user" to "remote user" using a
> configuration utility -- just checking, I see it can use NIS as a source
> of "unix" account information.
Exactly. That's why I'm thinking there's got to be a Linux program
that does just that. Don't think you can use it to become root as
you still have to supply the password plus you'd still have to contend
with root_squash which is the default.
> I thought that in the fstab/mount options you could specify "connect as
> user...", but a quick review of man mount (or nfs) does not reveal a
> mount option for this.
nope. i checked there to. There's a uid=xxx option for some file
systems but not for nfs.
Another option is to use something like sshfs but why jump through all
those hoops if all I have to do is change my userid?
claude
More information about the SGVLUG
mailing list