Solved

AIX and Red Hat - Automount and ACLs

Posted on 2013-01-16
Last Modified: 2013-02-01
The environment is about 6 servers. I'm trying to create a centralized ACL master location, to keep all my ACL files in one location. However, I want to utilize automount to make the master ACL directory on one server available across the remainder of the 5 servers. ACL and automount are not utilized in this environment, so it would be a scratch setup. Is this possible to set up? What is needed to have automount working (filesets, install)? Or is there an easier way to do this?
Question by:AIX25
 
LVL 62

Expert Comment

by:gheist
ID: 38785199
AIX and Linux have filesystem ACLs conformant with the POSIX standard.
Red Hat 6 and AIX 6 support NFSv4 to allow them to be seen over the network

ACL is for file (access control list) like rwx attributes, not some access policy on TACACS server
0
 

Author Comment

by:AIX25
ID: 38785229
Can you give me a high-level breakdown of how I go about setting this up? Do I need to set up anything with automounter? NFS? Any insight on this?
0
 
LVL 62

Expert Comment

by:gheist
ID: 38786045
... Check you have some ACL in file system on some file
... export the file system
... mount
... try chacl command on client


If it is not so easy, check the client mount to see if it is v4 or not
Check server with rpcinfo (if v4 is served)

Read docs etc. to enable missing v4 on server if needed (I think AIX enables the highest version already)

Remount the volume on Linux with nfsv4 flag (there are like 4 in "man nfs" alone)
0

 

Author Comment

by:AIX25
ID: 38786132
I want to set this up with automount on Redhat, any more details on that? I know how to NFS mount, no problem, but I'm not familiar with automounter??
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 38786729
RedHat should automatically have the autofs kernel support installed.

The required userspace package is "nfs-utils", either from the "NFS file server" or from the "Network File System Client" group.

Here is a short but concise tutorial on autofs from RedHat:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Storage_Administration_Guide/s2-nfs-config-autofs.html

and here is the "autofs" part of the Storage Administration Guide:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s1-nfs-client-config-autofs.html

Basically you'll have to create or edit the /etc/auto.master file to specify your mount points and automount maps.

Next you will create these automount maps according to the format described in the above tutorial.

Don't forget to specify the "acl" option in the map(s), otherwise you won't see the ACLs on the clients.

Finally you must start the autofs service and that's it.

All the above must be done on the clients. The NFS server exports its shares as usual, it doesn't care whether the clients are using autofs or not.

Please let me know if you need instructions for AIX autofs as well.
0
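The client-side steps from the accepted answer, as an added example that is not part of the original post: it stages an `auto.master` entry and an indirect map in a scratch directory, then checks that every map entry carries the `acl` option. The server name, export path, mount point and the `auto.acl` map name are assumptions; single-line map entries are assumed.

```shell
#!/bin/sh
# Added example: stage autofs files for a shared ACL directory and verify
# that each map entry has the "acl" mount option before deploying to /etc.
NFS_SERVER="aclmaster.example.com"   # assumed: server holding the master ACL directory
EXPORT_PATH="/export/acl-master"     # assumed export path on that server
MOUNT_BASE="/mnt/auto"               # assumed autofs-managed parent directory
MAP_KEY="acl-master"                 # subdirectory that appears under MOUNT_BASE

# write_autofs_files DIR: write auto.master and auto.acl into a staging DIR.
write_autofs_files() {
    dir=$1
    # auto.master line: <mount-point> <map-file> [options]
    printf '%s\t/etc/auto.acl\t--timeout=300\n' "$MOUNT_BASE" > "$dir/auto.master"
    # indirect map line: <key> -<mount-options> <server>:<path>
    printf '%s\t-fstype=nfs,rw,acl\t%s:%s\n' \
        "$MAP_KEY" "$NFS_SERVER" "$EXPORT_PATH" > "$dir/auto.acl"
}

# map_entries_missing_acl MAPFILE: print the key of every entry whose option
# list lacks an exact "acl" item ("noacl" and option-less entries are reported).
map_entries_missing_acl() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        /^[ \t]*\+/    { next }     # skip "+map" include lines
        {
            opts = ($2 ~ /^-/) ? substr($2, 2) : ""
            n = split(opts, o, ",")
            ok = 0
            for (i = 1; i <= n; i++) if (o[i] == "acl") ok = 1
            if (!ok) print $1
        }' "$1"
}

# Stage the files and report; nothing under /etc is touched here.
stage=$(mktemp -d)
write_autofs_files "$stage"
missing=$(map_entries_missing_acl "$stage/auto.acl")
if [ -z "$missing" ]; then
    echo "staged in $stage: all map entries carry the acl option"
else
    echo "entries without acl: $missing"
fi
```

After review, the staged files go to `/etc/auto.master` and `/etc/auto.acl` on each client, followed by starting the autofs service as the answer describes.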
 
LVL 62

Expert Comment

by:gheist
ID: 38841949
I do not get why you cannot just mount NFS.... with mount command.... and enter in fstab...

automount maps are to mount same set of volumes on NIS-network etc... having them on each system is a plain burden compared to NFS....

ACL and NFSv4 are defaults on RHEL6 and AIX6
0
 

Author Comment

by:AIX25
ID: 38842439
@gheist. I'm going to create a master repository location of ACLs on one server that I want to make ACL FS available across all other servers in the environment. Do you have a better way to do this? Please let me know.
0
 
LVL 62

Expert Comment

by:gheist
ID: 38842729
ACLs like permissions are attached to files... Thus central location is filesystem itself...
You can share mount configuration (automounts) and user configuration via LDAP (even Active Directory can do it)
0
 

Author Comment

by:AIX25
ID: 38843452
Ok, I'm kind of understanding what you mean. Should I open another question to have you explain this at a higher level? Not sure how I would integrate UNIX ACLs with LDAP or Active Directory? Or, is the current setup I'm going with good?
0
 
LVL 62

Expert Comment

by:gheist
ID: 38844226
Access list contains permissions and UIDs. You can serve UID and mount point config from NIS, LDAP, etc... check graphic config tools on your system
0


Question has a verified solution.
