Solved

NFS file permissions

Posted on 2003-11-04
Last Modified: 2009-12-16
Hi all,

  I set up an NFS file system on my RedHat 7.1 server. I have successfully exported a directory on one server and I am able to mount it on another server. I have exported the directory with rw permissions. My problem is that whenever I write a file or data to the mounted directory, the owner and group membership change across the servers. I see a totally different user as the owner of the file. How can I set this up so that the users are the same on both sides, or so that I can map a single user to be the owner for this directory?
  Hope you will be able to help me.

Thanks and regards

Anup
 
0
Question by:anupnellip
8 Comments
 
LVL 18

Expert Comment

by:liddler
ID: 9677727
As far as Linux sees it, the file is owned by the UID / GID, which it reads from its local /etc/hosts & /etc/group files.
What is probably happening is that user bob (UID 1001) is changing the file on Server2, then server1 looks up UID 1001 in its own /etc/hosts and sees that it is user fred.
The way to prevent this is to keep the hosts / groups in sync between your servers. You can either do this manually or use a distributed user service such as NIS, NIS+ or LDAP.
0
 
LVL 10

Author Comment

by:anupnellip
ID: 9677760
Hi liddler,

 Thanks for the reply. I believe what you said is right. How can I sync user IDs manually? I only need to do this once as there are not many users.
Thanks

Anup
0
 
LVL 18

Accepted Solution

by:
liddler earned 200 total points
ID: 9677859
Decide which machine is your master, then change the UID on the second machine, either by manually editing the /etc/hosts file or using usermod -u <New UID> username.
For groups, either change /etc/group or use usermod -g.
However, you will then have to change their home directory (and any other directories they currently own) to the new UID / GID, i.e.
chown -R <New UID>:<New GID> /home/username
I'd do a full backup before starting this and I'd let the users know you are doing it, and if you get any problems with programs not working as they did before, check permissions and / or ownerships on executables / logs / temp dir etc.
0
 
LVL 18

Expert Comment

by:liddler
ID: 9678055
Sorry, for some odd reason I kept typing /etc/hosts, when I meant /etc/passwd.
0
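
The UID mismatch described in the replies above can be checked before any account is renumbered. The following is an added example, not code from any poster in this thread: it compares copies of two hosts' /etc/passwd files and reports names whose UID differs and UIDs that resolve to different names. The function names, file names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Compares two passwd files.
# passwd format: name:password:UID:GID:gecos:home:shell
# Usage: uid_conflicts MASTER_PASSWD OTHER_PASSWD
uid_conflicts() {
    awk -F: '
        /^#/ || NF < 4 { next }   # skip comments and malformed lines
        NR == FNR { uid_of[$1] = $3; name_of[$3] = $1; next }  # first file = master
        {
            # Same login name, different numeric UID on the other host
            if (($1 in uid_of) && uid_of[$1] != $3)
                printf "MISMATCH %s master_uid=%s other_uid=%s\n", $1, uid_of[$1], $3
            # Same numeric UID, different login name: over NFS the files
            # written by one account appear to belong to the other
            if (($3 in name_of) && name_of[$3] != $1)
                printf "COLLISION uid=%s master_name=%s other_name=%s\n", $3, name_of[$3], $1
        }
    ' "$1" "$2"
}

# Constructed sample data matching the scenario in the thread:
# bob is UID 1001 on server2, while UID 1001 is fred on server1.
make_samples() {
    cat > "$1/passwd.server1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
fred:x:1001:1001::/home/fred:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
EOF
    cat > "$1/passwd.server2" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
alice:x:1003:1003::/home/alice:/bin/bash
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
uid_conflicts "$tmp/passwd.server1" "$tmp/passwd.server2"
rm -rf "$tmp"
```

On real hosts, pass a copy of the master's /etc/passwd as the first argument and the other host's as the second; every COLLISION line is an account pair that can read and write each other's files on the export until the UIDs are aligned.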
LVL 6

Expert Comment

by:bummerlord
ID: 9678870
And/or you can use a map file (actually not sure if the NFS implementation on RH7.1 supports this).

e.g. in /etc/exports
/path remotemachine(rw,no_root_squash,map_static=/etc/nfsusers.map)

To map remote uid/gid 100 and 101 to 1000 and 1001, nfsusers.map could contain:
---
uid  100   1000
gid  100   1000

uid 101    1001
gid 101    1001
---

/b
0
 
LVL 6

Expert Comment

by:bummerlord
ID: 9678903
(If it works you could easily make a script that keeps this map file up to date, of course...)
I also recall there being a special daemon for mapping "daemon" accounts (what makes a daemon account would be up to you, I imagine). I've never used such a daemon, I might add.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9683667
You are on the RIGHT track: the user ID and group ID should be the same. If you have only 2 boxes, the way you do it is fine.

If you have 50+, 100+, 1000+ boxes, you should think about using NIS+/NIS/LDAP to manage the user accounts. E.g. with NIS+, you only need to create and modify a user account on the master server, and the user can log in to all the boxes in your network. automount (auto_direct) is also very handy for NFS-mounted filesystems.
0
 
LVL 10

Author Comment

by:anupnellip
ID: 9685087
Hi guys,
   Thanks for guiding me in the right direction. I was able to solve the problem by using the following options in the exports file:
 (rw,rw,all_squash,anonuid=173,anongid=115). As I needed only one user to be mapped for this directory, this was the ideal solution for me. anonuid/anongid maps the remote user ID to a single user ID on the local server.

Thanks

Anup

0
