On 05/09/2012 06:18 PM, Steven Jones wrote:

Thanks so I will remove the sec=sys bit and re-test..and then I
assume it will be kerberos only.....

This is not true, it's documented in the exports man page how you can assign different permissions depending on the security type. For example:

/nfsroot/stuff *(crossmnt,no_subtree_check,async,sec=krb5p,rw,root_squash,sec=sys,ro,all_squash)

This makes it so users with valid kerberos creds have rw access (though root is squashed). W/o a kerberos ticket, a user can still read stuff, but all ownership information is squashed.

Freeipa-users mailing list

Reply via email to