[NTLUG:Discuss] NFS ownership
rp8034l
rp8034l at flash.net
Mon Aug 20 19:26:36 CDT 2012
On 08/20/12 17:59, Ralph Green wrote:
> Howdy,
> I ran across something with a file server I setup this week that I
> need a little help with. I setup a file server and all of the clients
> are going to be Linux machines. So, I thought sharing the directory
> as an NFS mount made sense.
When using an NFS share, the classic solution is for all servers and
clients to use the same user/group database. Typically YP, LDAP or a
similar service is used to share the user/group database.
- - -
You can get by if all the systems use the same users & groups and UID &
GID numbers. (Yes, the UID & GID numbers are *more* *important* than the
user & group names themselves...)
Drawbacks are:
1) Higher administrative effort; the system administrator is responsible
for keeping the user/group databases updated & synchronized.
2) User confusion from lack of synchronization. For example, if user
"joecool" on "clientsystem1" changes his password, it does NOT update
the password for "joecool" on "clientsystem2".
- - -
The servers and clients do not all need to use the same O/S. I have been
in at least one shop where YP was used to share the same user/group
database to both Solaris & Linux systems.
- - - - - - - - - - - - - -
The other option is to disable user/group security for the NFS share.
Under Linux, this is done with the "all_squash" option in the NFS share
control file /etc/exports.
Drawbacks are:
1) Significantly reduced security.
- - - - - - - - - - - - - -
Hope that helps
---------------
Richard P
More information about the Discuss
mailing list