NFS permissions



newmab
2nd July 2007, 03:05 AM
Ok I've tried and tried. I just can't figure it out. Running NFS on FC5 with my son's computer. Exact same setup as mine. I do most maint. and admin from my computer, using his free space as a backup for mp3s and such. How can I set permissions so that when I access his computer the "server" via my computer the "client" I have all Read Write capability. When he is logged in on his computer he only has Read capability to this backup directory (so nothing accidentally gets erased).
I've tried several things and maybe I'm overlooking the answer.

Thanks

Saint Mike
2nd July 2007, 03:27 AM
How are you mounting the share, and with what options?

newmab
2nd July 2007, 04:47 AM
Server
/etc/exports:
/home/backup 192.168.1.4(rw,no_root_squash,sync)

Client
/etc/fstab
192.168.1.5:/home/backup /home/austin nfs noauto,rw,user 0 0


I changed "no_root_squash" to "all_squash" and changed the permissions for the directories to 557 and that accomplished what I was wanting. Not sure if this is the best way though!

I'm still learning the ins and outs of permissions after 4 or 5 years of Linux use.

Thanks

stevea
2nd July 2007, 06:02 AM
no_root_squash causes the client root <uid,gid>=<0,0> to be treated as the server root. all_root_squash causes everybody to be treated as the anon-user. The default "root_squash" prevents client root access and everybody else appears as themselves.

If you want to mangle files on your son's server system then you need to have access privileges to the files and their directory (just as on a local system). If you have "no_root_squash" and you access the remote files as root - then you do have privileges. This is generally a bad idea since as root you are one typo away from disaster.

A better solution is to change the permissions/ownership on the remote system to match your own user perms on your local system.

Let's say your local login is "newmab" and your uid, gid are <505,505>
Type "echo $UID $(id -g)" to see the actual numbers.

So you can access files owned by 505 with ownership permission and files in group 505 with group permission

Now look on your son's server and see what his UID & GID are. These should be different. If not you'll need to change one or the other.

From your description I assume you want your son to have read-access and you want full access to the same directory structure.

You could make all the files there be owned by you & your group and then give read-only permission to "other".
There are other possible configurations.

To change ownership & group of the file on the server you'll need to
chown -R 505:505 /home/share-dir
To change permissions so that you can access them you want to
chmod -R u+rwx /home/share-dir # owners permissions
chmod -R g+rwx /home/share-dir # group permissions
chmod -R o+rx /home/share-dir # other users permissions

Actually you'll want to be a lot more subtle than the command above for permissions. You don't really want to make all the files executable for the user and the group. The existing user & group perms are probably fine so the first two chmods above are probably unnecessary.

When changing permissions for "other" (your son) you'll want to make the files and directories non-writable, but you'll want to leave them readable. In the case of directories the "executable" bit has a special meaning as "searchable", so you want to leave the directories searchable by "other".

I think the only chmod needed is this perhaps ...
chmod -R o-w /home/share-dir
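
The ownership-based layout described in the last reply (owner read/write, "other" read-only, directories left searchable), as an added example that is not part of the original thread. The function names and the sample tree are hypothetical and constructed for illustration; run the functions against the real export directory on the server once ownership has been set.

```shell
#!/bin/sh
# Added example, not from the thread. Layout: owner read/write,
# "other" read-only, directories still searchable by "other".

# apply_backup_perms DIR
#   u+rwX  owner may read and write; capital X adds the execute bit only
#          to directories (and files that already have one), so data
#          files are not turned into executables
#   o+rX   other may read files and search directories
#   o-w    other may not modify, create or delete anything
apply_backup_perms() {
    chmod -R u+rwX,o+rX,o-w "$1"
}

# count_perm_violations DIR
# Prints how many entries break the layout. Symlinks are skipped because
# their own mode bits are always rwxrwxrwx and are not used for access.
count_perm_violations() {
    find "$1" ! -type l \( \
           -perm -0002 \
        -o \( -type f ! -perm -0004 \) \
        -o \( -type d ! -perm -0005 \) \
    \) -print | wc -l | tr -d ' '
}

# make_sample_tree: constructed test data with deliberately wrong modes
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/mp3" "$t/private"
    : > "$t/mp3/a.mp3"; : > "$t/private/b.mp3"
    chmod 666 "$t/mp3/a.mp3"     # other can overwrite
    chmod 600 "$t/private/b.mp3" # other cannot read
    chmod 777 "$t/mp3"           # other can delete entries
    chmod 700 "$t/private"       # other cannot search
    chmod 755 "$t"
    echo "$t"
}

tree=$(make_sample_tree)
echo "violations before: $(count_perm_violations "$tree")"
apply_backup_perms "$tree"
echo "violations after:  $(count_perm_violations "$tree")"
rm -rf "$tree"
```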