Re: [Fink-users] fink (fwd)

Sat, 06 Apr 2002 10:04:35 -0800 

On Fri, Apr 05, 2002 at 09:14:58PM -0600, Chris Devers wrote:
>     > 
>     > > How I can make fink install into a shared network directory
>     > > (e.g. a public home directory on our netinfo network) so
>     > > others can run binaries from there.. 
>     > 
>     root _cannot_ write to the shared directory.  It's some weird NFS
>     thing I don't really understand, but it's as designed.
> 
>     i.e. even if we're logged in as our netinfo acct, we have admin 
>     privs on our own (local) system, but NOT on NFS mounted directories. 
> 

For security reasons the default for mounted filesystems (NFS
and otherwise) is to dissallow root access (UID=0) from the client
machine. The mount command however, as options to override this
behavior.

>From the exports(5) man page:

  User ID Mapping
       nfsd bases its access  control  to  files  on  the  server
       machine  on  the  uid  and  gid  provided  in each NFS RPC
       request. The normal behavior a user would expect  is  that
       she  can  access her files on the server just as she would
       on a normal file system. This requires that the same  uids
       and  gids  are  used on the client and the server machine.
       This is not always true, nor is it always desirable.

       Very often, it is not desirable that the root  user  on  a
       client  machine  is  also  treated  as root when accessing
       files on the NFS server. To this end, uid  0  is  normally
       mapped  to  a  different  id:  the  so-called anonymous or
       nobody uid. This mode of operation (called  `root  squash
       ing')   is  the  default,  and  can  be  turned  off  with
       no_root_squash.

so, if you mount the shared directory w/ the 'no_root_squash' option,
you will be able to access as root from a client machine.

I don't know the netinfo syntax off-hand, but you can use the fstab
import facility to build the entry from a file in exports format,
e.g.:

        /sw     my.client.machine(rw,no_root_squash)

should let root on my.client.machine access /sw on the server w/ root
access.

I have not tested these instructions, but they should be close to correct.

rick



_______________________________________________
Fink-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-users

Reply via email to