First of all, thanks a lot for taking a look into this. I really appreciate the time and effort.
On Tue, Apr 20, 2010 at 9:39 AM, Tom Haynes <[email protected]> wrote:
> RPC: ----- SUN RPC Header -----
> RPC:
> RPC: Record Mark: last fragment, length = 216
> RPC: Transaction id = 3359327889
> RPC: Type = 0 (Call)
> RPC: RPC version = 2
> RPC: Program = 100003 (NFS), version = 4, procedure = 1
> RPC: Credentials: Flavor = 1 (Unix), len = 40 bytes
> RPC: Time = 19-Apr-10 16:40:04
> RPC: Hostname = shawn-desktop
> RPC: Uid = 0, Gid = 0
>
> This means you are doing the action as root, which makes
> sense as it is a mount.
>
> RPC: Groups = 10
> RPC: Verifier : Flavor = 0 (None), len = 0 bytes
> RPC:
> NFS: ----- Sun NFS -----
> NFS:
> NFS: Proc = 1 (Compound)
> NFS: Tag = mount
> NFS: Minor version = 0
> NFS: Number of operations = 11
> NFS:
> NFS: Op = 24 (PUTROOTFH)
> NFS:
> NFS: Op = 10 (GETFH)
> NFS:
> NFS: Op = 15 (LOOKUP)
> NFS: tank
> NFS:
> NFS: Op = 10 (GETFH)
> NFS:
>
> And a quick check shows this as well:
>
> [th199...@ultralord ~]> grep -i uid snoop.txt
> RPC: Uid = 0, Gid = 0
> RPC: Uid = 0, Gid = 0
> RPC: Uid = 0, Gid = 0
> RPC: Uid = 0, Gid = 0
> RPC: Uid = 0, Gid = 0
>
> The question is why is the automounter sending all the requests as root?
>
> I'm not an automounter expert. :->
>
> I tried this example out and I saw my uid finally go across the wire.
>

What example did you try and how did you try it? How do I get my UID to go across the wire?

>
> I think your ACL is too restrictive - which adding nobody effectively shows.
>

I'm not sure I agree with that. The share in question is for my (I'm Shawn) eyes only. I have multiple users on the system and don't want them to access my files. Is there a way to prevent others from accessing my files yet have less-restrictive ACLs?

>
> The other piece of the puzzle is that root will get mapped to be the anon
> user id, which is also "nobody".
>

I was under the impression that autofs would send my UID across the wire... Meaning not mapping as nobody. Maybe LDAP is after all the answer here?
_______________________________________________
nfs-discuss mailing list
[email protected]
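
Added example, not part of the original thread: a small Python parser for the AUTH_SYS (flavor 1, "Unix") credential shown in the snoop trace, useful for checking which uid/gid a client actually places in an RPC call. The record from `build_sample()` is constructed from the header fields quoted above; it omits the NFS compound body (so its record-mark length is not 216), the stamp value is made up, and "Groups = 10" is assumed to mean one supplementary gid 10, which matches the 40-byte credential length.

```python
import struct

AUTH_SYS = 1  # snoop prints this as "Flavor = 1 (Unix)"

def _opaque(buf, off):
    """Read an XDR opaque/string: 4-byte length, data, padding to 4 bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    data = buf[off + 4:off + 4 + n]
    if len(data) != n:
        raise ValueError("truncated XDR opaque")
    return data, off + 4 + n + (-n % 4)

def parse_call_credentials(record):
    """Return the identity claimed in one TCP RPC call record (RFC 5531)."""
    (mark,) = struct.unpack_from(">I", record, 0)
    frag = record[4:4 + (mark & 0x7FFFFFFF)]
    xid, mtype, rpcvers, prog, vers, proc, flavor = struct.unpack_from(">7I", frag, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    body, _ = _opaque(frag, 28)  # credential body follows the flavor word
    info = {"last_fragment": bool(mark >> 31), "xid": xid, "program": prog,
            "version": vers, "procedure": proc, "flavor": flavor,
            "cred_len": len(body)}
    if flavor != AUTH_SYS:
        return info  # not AUTH_SYS: the body layout below does not apply
    host, off = _opaque(body, 4)  # skip the 4-byte stamp
    uid, gid, ngids = struct.unpack_from(">3I", body, off)
    if ngids > 16:
        raise ValueError("AUTH_SYS allows at most 16 supplementary gids")
    groups = list(struct.unpack_from(">%dI" % ngids, body, off + 12))
    info.update(hostname=host.decode("ascii", "replace"), uid=uid, gid=gid,
                groups=groups)
    return info

def build_sample():
    """Constructed record mirroring the RPC header fields in the trace."""
    host = b"shawn-desktop"
    cred = struct.pack(">I", 0x4BCCE0A4)  # constructed stamp value
    cred += struct.pack(">I", len(host)) + host + b"\0" * (-len(host) % 4)
    cred += struct.pack(">4I", 0, 0, 1, 10)  # uid 0, gid 0, one gid: 10
    call = struct.pack(">6I", 3359327889, 0, 2, 100003, 4, 1)
    call += struct.pack(">2I", AUTH_SYS, len(cred)) + cred
    call += struct.pack(">2I", 0, 0)  # verifier: flavor 0 (None), len 0
    return struct.pack(">I", 0x80000000 | len(call)) + call

if __name__ == "__main__":
    print(parse_call_credentials(build_sample()))
```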
