Re: [gentoo-user] [nfs] nfs mount settings
Alan McKinnon writes: Golden rule with nfs: It was designed for the case of a diskless client mounts it's home or root directories over the network, while exporting passwd and shadow files over NIS. That is evident in it's design and there is no facility to change uids and gids on the fly. man 5 exports (at least my localized german version) lists the map_daemon option, which allows mapping of UIDs / GIDs between server and client. This needs the rpc.ugidd to be running on server side. I never did this, I don't even know where to get rpc.ugidd from, and I'm pretty sure it won't work at all with opensolaris, but at least with linux it should be possible then, theoretically. Wonko
Re: [gentoo-user] [nfs] nfs mount settings
On Tuesday 28 July 2009 09:39:40 Alex Schuster wrote: Alan McKinnon writes: Golden rule with nfs: It was designed for the case of a diskless client mounts it's home or root directories over the network, while exporting passwd and shadow files over NIS. That is evident in it's design and there is no facility to change uids and gids on the fly. man 5 exports (at least my localized german version) lists the map_daemon option, which allows mapping of UIDs / GIDs between server and client. This needs the rpc.ugidd to be running on server side. I never did this, I don't even know where to get rpc.ugidd from, and I'm pretty sure it won't work at all with opensolaris, but at least with linux it should be possible then, theoretically. Wonko That's good to know - I don't have anything like that here in my man pages. I have nfs-utils-1.2.0, what version are you running? -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] [nfs] nfs mount settings
Alan McKinnon writes: On Tuesday 28 July 2009 09:39:40 Alex Schuster wrote: man 5 exports (at least my localized german version) lists the map_daemon option, which allows mapping of UIDs / GIDs between server and client. This needs the rpc.ugidd to be running on server side. I never did this, I don't even know where to get rpc.ugidd from, and I'm pretty sure it won't work at all with opensolaris, but at least with linux it should be possible then, theoretically. That's good to know - I don't have anything like that here in my man pages. Well, at east the sed man page in german is quite different from the englisch one, maybe that's the case here, too. Does yours explain the (no_)subtree_check option? I had t look them up online. I have nfs-utils-1.2.0, what version are you running? 1.1.4-r1. Bug #116269 from end of 2005 misses the rpc.ugidd, the answer there is that nfs-utils does not yet support it. And I doubt it ever will, I just read that this is a feature of user space NFS, which seems to be deprecated. A kernel based NFS does not have it. So, so seem to be right, ID mapping just is not possible (any more). But what about NFS v4? Is has user authentification, maybe then there's a mapping feature, too? Wonko
Re: [gentoo-user] [nfs] nfs mount settings
On Monday 27 July 2009 03:18:34 Harry Putnam wrote: I'm not that familiar with nfs usage ... only used lightly a few times. I have an opensolaris nfs server serving a share to my gentoo box. The mount point is set as owner:group of my user (reader). Also has the set-gid bit set. ls -ld /projects drwxr-sr-x 2 reader wheel 48 Jun 24 07:08 /projects And the mount settings in /etc/fstab (zfs is the hostname of the opensolaris server) zfs:/projects /projectsnfs noauto,users,exec,dev 0 0 With those settings my user or root can mount it. When its mounted the permissions change to this: ls -ld /projects drwxr-sr-x+ 13 reader man 14 Jul 25 09:47 /projects Whats with the `man' group? The way nfs works is that it takes a remote filesystem and *mounts* it locally, exactly as if it were a local filesystem. It is not a share. The inodes are exported over nfs and that directory is owned by a group with gid of say X. On your local machine that gid just happens to be the man group. There is nothing much you can do about this except: Renumber your gid's locally to match the nfs server, or renumber the nfs share gids to match your local machine Also, when mounted I find when I try to copy somethihng with the -a option, which tries to maintain any permission settings. It causes an error warning... (although the copy is done). cp -a file file1 cp: preserving permissions for `file1': Operation not supported Full paths please. I can't see which way the copy is going. I suspect that your user on the nfs server is not a member of the group that has the same gid as your local man group. And the files permissions end up: ls -l file* -rw-r--r--+ 1 reader man223962 Jul 26 15:56 file -rw-r--r--+ 1 reader reader 223962 Jul 26 15:56 file1 Is there some way to set it up so that permissions can be copied? Also to alow the set-gid setting to work? Golden rule with nfs: It was designed for the case of a diskless client mounts it's home or root directories over the network, while exporting passwd and shadow files over NIS. That is evident in it's design and there is no facility to change uids and gids on the fly. You do not authenticate with nfs, the server assumes that the request coming from the client is OK and treats it exactly as it would a request from a local user on a local disk. This is the primary reason why nfs performs so well. It is up to you to make sure your uids and gids everywhere match and work. nfs cannot and will not help with this. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] [nfs] nfs mount settings
On 27 Jul 2009, at 02:18, Harry Putnam wrote: ... I have an opensolaris nfs server serving a share to my gentoo box. The mount point is set as owner:group of my user (reader). ... ls -ld /projects drwxr-sr-x 2 reader wheel 48 Jun 24 07:08 /projects ... When its mounted the permissions change to this: ls -ld /projects drwxr-sr-x+ 13 reader man 14 Jul 25 09:47 /projects Further to A McK's reply, suggest use of `ls -ln`. Assuming the -n is supported on Slowaris all will become clear. Stroller.
Re: [gentoo-user] [nfs] nfs mount settings
Am Montag 27 Juli 2009 03:18:34 schrieb Harry Putnam: I'm not that familiar with nfs usage ... only used lightly a few times. I have an opensolaris nfs server serving a share to my gentoo box. The mount point is set as owner:group of my user (reader). Also has the set-gid bit set. ls -ld /projects drwxr-sr-x 2 reader wheel 48 Jun 24 07:08 /projects BTW: The permissions of the mount point don't matter since they can be different after the directory has been mounted. So I guess the set-gid only needs to be set on the exported directory. In fact, I would set the permissions of the mount point so that it's only writable by root so that ordinary users can't write to it while it's unmounted (a later mount would make those files invisible for as long as the directory is mounted). And finally: Using the kernel automounter (autofs) avoids 1) the need for the users option 2) users forgetting to mount the thing Bye... Dirk signature.asc Description: This is a digitally signed message part.
[gentoo-user] [nfs] nfs mount settings
I'm not that familiar with nfs usage ... only used lightly a few times. I have an opensolaris nfs server serving a share to my gentoo box. The mount point is set as owner:group of my user (reader). Also has the set-gid bit set. ls -ld /projects drwxr-sr-x 2 reader wheel 48 Jun 24 07:08 /projects And the mount settings in /etc/fstab (zfs is the hostname of the opensolaris server) zfs:/projects /projectsnfs noauto,users,exec,dev 0 0 With those settings my user or root can mount it. When its mounted the permissions change to this: ls -ld /projects drwxr-sr-x+ 13 reader man 14 Jul 25 09:47 /projects Whats with the `man' group? Also, when mounted I find when I try to copy somethihng with the -a option, which tries to maintain any permission settings. It causes an error warning... (although the copy is done). cp -a file file1 cp: preserving permissions for `file1': Operation not supported And the files permissions end up: ls -l file* -rw-r--r--+ 1 reader man223962 Jul 26 15:56 file -rw-r--r--+ 1 reader reader 223962 Jul 26 15:56 file1 Is there some way to set it up so that permissions can be copied? Also to alow the set-gid setting to work?