Wednesday, January 26, 2011

Do I have to chmod 777 my NFS folder when I share?

Under Redhat, if I export a folder as an NFS mount, does the folder have to have RW for users/groups/others? Right now /storage/software is -rwxr-xr-x root/root

i.e. /etc/exportfs

/storage/software *(rw,sync)

On my client, I can mount but I can't write. I'm using a regular user and NOT root. I think "no_root_squash" fixes it but I really don't want that. Then again, nor do I want to have to chmod 777 the folder on the server.

  • You should have the same user IDs and group IDs on both servers. At least those that will use the NFS folder.

    luckytaxi : Not gonna happen. My users can mount from their workstations or from servers.
    Chris S : @luckytaxi: This is why planning network security is so important. I highly recommend considering retooling your network before the company grows more, and the problems become much worse. I do understand what this is asking; but it's pain now, or more later.
    xenny : For NFS to work well on a network, you need some form of centralised UID management (LDAP, NIS, rsyncd /etc/passwd), and ideally very controlled access to root accounts.
  • NFS uses the filesystem permissions across systems.

    A reasonable solution would be to use a group that all users were members of and set the SGID bit on the directory as well. Public writable is for /tmp. If you must, at least set the sticky bit.

    luckytaxi : then it looks like I'll have to chmod 777 the folder then. It's just a folder for the developers to store all their files.
    Mircea Vutcovici : The guy just provided you the solution NOT to do chmod 777. You have to use a group that has writable access on your shared folder. Just create a group on all servers, make sure it has the same ID, and then SGID it: `find /foldername/ -type d -print0 | xargs -0 chmod g+rwxs; chmod -R u+rw,g+rw,o-w /foldername/; chgrp -R newgroup /foldername/`
    From Warner
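
The group-plus-SGID approach from the answer above, written as an added example that is not part of the original thread. The function names `share_setup` and `share_audit` are made up for illustration, and the group is assumed to already exist with the same GID on the server and on every client.

```shell
#!/bin/sh
# Added example: a group-writable, setgid export instead of mode 777.
# share_setup / share_audit are illustrative names, not standard tools.

# share_setup DIR GROUP
# Hand the tree to GROUP, make directories group-writable with the setgid
# bit (new entries inherit the directory's group), make files
# group-writable, and remove write access for "other" everywhere.
share_setup() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod u+rwx,g+rwxs,o-w {} + || return 1
    find "$dir" -type f -exec chmod u+rw,g+rw,o-w {} + || return 1
}

# share_audit DIR
# Report anything still world-writable and any directory missing setgid.
# Returns 0 when the tree is clean, 1 when there are findings.
share_audit() {
    ww=$(find "$1" ! -type l -perm -0002 -print)
    nosgid=$(find "$1" -type d ! -perm -2000 -print)
    if [ -z "$ww" ] && [ -z "$nosgid" ]; then
        return 0
    fi
    [ -n "$ww" ] && printf 'world-writable:\n%s\n' "$ww"
    [ -n "$nosgid" ] && printf 'directory without setgid:\n%s\n' "$nosgid"
    return 1
}

# Files created by clients are only group-writable if the client umask
# allows it (umask 002 rather than the common 022).

# Usage: sh share.sh /storage/software <group>
if [ "$#" -eq 2 ]; then
    share_setup "$1" "$2" && share_audit "$1"
fi
```

Running `share_audit` from cron on the NFS server catches a later `chmod 777` or a directory that was copied in without the setgid bit.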
