[plug] NFS permissions / ownership issue

Russell Steicke r.steicke at bom.gov.au
Thu Feb 17 15:20:50 WST 2005


On Thu, Feb 17, 2005 at 02:40:55PM +0800, Denis Brown wrote:
...
> On the client (workstation) machine the same user "fred" *USED TO HAVE* a 
> gid of 1001 and all worked swimmingly.
> 
> Then the Gentoo box became the subject of a reload and I was only partly 
> involved in that.   When my colleague set up accounts on the rebuilt Gentoo 
> box, the "fred" account got gid 1002 because that was the third user 
> account established.   My colleague set themselves up as the second user 
> (let's say tom:1001). Now when the nfs mount happens, the files at 
> /mountpoint are all apparently owned by tom:1001 and any attempts to 
> change them, even by root, result in permission denied.

You can't change the ownership as root because NFS does "root
squashing" by default, which means that any access by uid=0 is mapped
to uid=65534 or whatever "nobody" is on the server.  You can disable
this by adding no_root_squash to the export, i.e.

  /data client_dns_name(rw,no_root_squash)


> Question:   what is the SIMPLEST way out of this conundrum?   I could 
> change the workstation gid I suppose but then I have a user with a fair 
> commitment to files/data already known under that gid.   I would prefer not 
> to change the Debian side, unless people feel that would be easier... I 
> have some 95GB of data on it for that user.

Changing the uid on the client isn't that hard, really, and is
probably the solution that will surprise you the least in the long
term.  Just make sure the user isn't logged in anywhere and edit
/etc/passwd.  Then do a recursive chown in the home dir, change
ownership of his crontab (/var/spool/cron/crontabs/username ?), remove
everything in /tmp owned by the user, and look in /var/tmp as well.
KDE saves some things in /var/tmp, at least on Debian.

If you really don't want to do that, have a look at the map_static
option in /etc/exports.  It is unclear from the man page I have
whether this can be made to apply to just one client, but you should
be able to work that out.



-- 
Russell Steicke

-- Fortune says:
Just don't make the '9' format pack/unpack numbers...  :-)
             -- Larry Wall in <199710091434.HAA00838 at wall.org>
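
The client-side renumbering described in the message above, as an added example that is not part of the original message: a dry-run-first helper that finds everything still carrying the old numeric id and re-owns it. The function name `reown`, the `APPLY` switch and the paths in the usage comment are assumptions made for illustration; 1001 and 1002 are the ids mentioned in the thread.

```shell
#!/bin/sh
# Added example, not from the original message.
# reown KIND OLD NEW DIR...
#   KIND is "uid" or "gid"; OLD and NEW are numeric ids.
#   Prints the chown/chgrp commands that would re-own every entry under
#   DIR... that still carries the OLD id. Set APPLY=1 (as root) to run them.
reown() {
    if [ "$#" -lt 4 ]; then
        echo "usage: reown uid|gid OLD NEW DIR..." >&2
        return 2
    fi
    kind=$1 old=$2 new=$3
    shift 3
    case $kind in
        # -h changes a symlink itself instead of following it to a target
        # that may live outside the tree being fixed.
        uid) cmd="chown -h $new"; match=-user ;;
        gid) cmd="chgrp -h $new"; match=-group ;;
        *) echo "reown: KIND must be uid or gid" >&2; return 2 ;;
    esac
    # -xdev keeps find on the local filesystem, so an NFS mount below DIR
    # (where root is squashed by default) is never descended into.
    # find's -user/-group accept a numeric id, so entries still match after
    # /etc/passwd was edited and the old number no longer maps to a name.
    if [ "${APPLY:-0}" = 1 ]; then
        find "$@" -xdev "$match" "$old" -exec $cmd {} +
    else
        find "$@" -xdev "$match" "$old" -exec echo $cmd {} \;
    fi
}

# Dry run after editing /etc/passwd (paths are placeholders):
#   reown uid 1001 1002 /home/fred /var/spool/cron/crontabs
if [ "$#" -ge 4 ]; then
    reown "$@"
fi
```

Running the dry run again after `APPLY=1` should print nothing; any remaining line is an entry that still belongs to the old id.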


