pops45042 Apprentice
Joined: 07 Jan 2004 Posts: 278 Location: Cincinnati, Ohio
Posted: Fri Mar 30, 2007 12:14 am Post subject: NFS default permissions
Ok, I have built a nice little network attached storage array thanks to cheap hard drives and Gentoo. But I'm having a problem with permissions.
I've got a share that all the clients mount via fstab. But whenever they copy or add folders/files, the permissions are always set with user and group being their username. Other users can not write to their files or remove them. I'd like other users to be able to.
Is there a way so that whenever a user makes a new file on the nfs share that the permissions are either:
rw-rw-rw-
or the group is always "users" ?
Thanks,
Paul
_________________
"That which does not kill me only postpones the inevitable"
Laugh at my old system!
AMD Opteron 165@ 2750Mhz, 2gig 400mhz Cas2 Crucial Ballistix, Abit NF8 Ultra MB, WD 80gig (system), WD 120gig (storage), Geforce 8800GTS 320MB, Mushkin 550W PS

pops45042 Apprentice
Joined: 07 Jan 2004 Posts: 278 Location: Cincinnati, Ohio
Posted: Fri Mar 30, 2007 12:24 am
Figures, I find the answer just when I think I've looked enough:
Code:
anonuid and anongid
These options explicitly set the uid and gid of the anonymous account.
This option is primarily useful for PC/NFS clients, where you might want
all requests appear to be from one user. As an example, consider the
export entry for /home/joe in the example section below, which maps all
requests to uid 150 (which is supposedly that of user joe).
....So how do I find the id number of a specific user and group?
Paul

RoundsToZero Guru
Joined: 17 Nov 2003 Posts: 478 Location: New York, NY
Posted: Fri Mar 30, 2007 12:47 am
But I think what you really want is umask. Read the man page. It sets the file mode creation mask. Run with no args to see the current mask. The execute bit is worth 1 so you want umask 0111 to get the starting permissions you said. However this is a client setting, I don't think the NFS server enforces anything like this. Also I don't know how to set the umask at boot time, and you would need to do that on all clients for this to work.
The group on a newly created file comes from the default group for the user who created the file. On Gentoo that really should be users, but some other distros create a group for each user. Unfortunately, with NFS, there's no way to force remote clients to use a specific group, but if you have control over all of the user accounts, you could change the default group for all of them to users. Just make sure the uid for users is the same on the client and the server!

pops45042 Apprentice
Joined: 07 Jan 2004 Posts: 278 Location: Cincinnati, Ohio
Posted: Fri Mar 30, 2007 1:17 am
How would I specify the umask? I tried something like:
192.168.5.1:/mnt/store/ftp /mnt/NAS nfs rw,rsize=8192,wsize=8192,umask=0777
but it gets pissed about the umask. The error that I got was:
Quote:
unknown nfs mount parameter: umask=777

yabbadabbadont Advocate
Joined: 14 Mar 2003 Posts: 4791 Location: 2 exits past crazy
Posted: Fri Mar 30, 2007 1:25 am
That's because neither nfs nor nfs4 have umask as a mount option. (man mount) If I remember correctly from my Unix days, the server that exports the filesystem sets the permissions. Which is the way it should be. (my files, my rules.)
_________________
Bones McCracker wrote: On the other hand, regex is popular with the ladies.

pops45042 Apprentice
Joined: 07 Jan 2004 Posts: 278 Location: Cincinnati, Ohio
Posted: Fri Mar 30, 2007 1:30 am
Weird, so the anongid and anonuid didn't work. This is what I set my /etc/exportfs file to:
Code:
/mnt/store/ftp 192.168.5.0/24(sync,rw,no_subtree_check,anongid=100,anonuid=100)
and the 100 corresponds to the Users group. I did:
Quote:
exportfs -ra
restart nfs
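
An added example, not part of any post in this thread: per exports(5), anonuid and anongid only set the identity of the anonymous account, and requests from ordinary users are mapped to that account only when all_squash is also set (by default only root is squashed). The script below flags export entries that set anonuid/anongid without all_squash; the function name check_exports and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag exports(5) entries where anonuid=/anongid= is set
# but all_squash is not, so only squashed root requests are remapped.

# check_exports: read exports-style lines on stdin, print one
# "<path> <client>: <reason>" line per flagged client spec,
# and return 1 if anything was flagged.
check_exports() {
    awk '
    /^[ \t]*#/ { next }                     # skip comment lines
    NF == 0    { next }                     # skip blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            if (p == 0) continue            # client with default options
            client = substr($i, 1, p - 1)
            opts = substr($i, p + 1)
            sub(/\)$/, "", opts)
            n = split(opts, o, ",")
            anon = 0; squash_all = 0
            for (j = 1; j <= n; j++) {
                if (o[j] ~ /^anon(uid|gid)=/) anon = 1
                if (o[j] == "all_squash")     squash_all = 1
            }
            if (anon && !squash_all) {
                print path " " client ": anonuid/anongid set without all_squash"
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: line 1 is the export quoted in the post above,
# line 2 is the same entry with all_squash added.
SAMPLE='/mnt/store/ftp 192.168.5.0/24(sync,rw,no_subtree_check,anongid=100,anonuid=100)
/mnt/store/ftp 192.168.5.0/24(sync,rw,no_subtree_check,all_squash,anongid=100,anonuid=100)'

printf '%s\n' "$SAMPLE" | check_exports || true
```

With all_squash every client user is written as the anonymous uid/gid, so per-user ownership on the share is lost; that is the trade-off against the group-based approach.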

pops45042 Apprentice
Joined: 07 Jan 2004 Posts: 278 Location: Cincinnati, Ohio
Posted: Fri Mar 30, 2007 1:49 am
Could someone provide an example of how to set permissions on the server so that when a client creates a file/folder it's under a certain user&group OR has specific rwxrwxrwx permissions?
Thanks,
Paul

mikb Tux's lil' helper
Joined: 14 Dec 2005 Posts: 124 Location: Sydney Australia
Posted: Fri Mar 30, 2007 5:20 am Post subject: Re: NFS default permissions
pops45042 wrote:
I've got a share that all the clients mount via fstab. But whenever they copy or add folders/files, the permissions are always set with user and group being their username. Other users can not write to their files or remove them. I'd like other users to be able to.
This is the default behaviour. And it's usually a good way of doing things (TM).
From memory you need to do a couple of things on the server:
- Change the tree to a common group, say "users":
Code:
chgrp -R users /mnt/store/ftp
- Use
Code:
find /mnt/store/ftp -type d -print0 | xargs -0 chmod g+swx
on the tree to force BSD style semantics on the directories, so that when a file or directory is created, the group setting is propagated.
- Then make sure all your users actually belong to the group "users"
Now as for the umask stuff, as yabbadabbadont pointed out, you can't force it on an nfs mount.
And anyway, umask is a mask of the bits to be disallowed, and it's applied to the permissions bitmap (see stat(2)) to work out what can be set. Typical umasks are 022 or 002 (probably the default these days), which disallow write by everyone but the owner, and write by anyone other than the owner or a member of the group, respectively. Shouldn't need to be fiddled in this case.
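
An added example, not code from the thread: it creates a scratch setgid directory and shows that the directory's group and setgid bit carry over to new entries, while group-write on new files depends on the creating process's umask (002 versus 022, the two values mentioned above). Assumes Linux and GNU or busybox stat; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: what the setgid bit on a directory and the creating
# process's umask each contribute on a shared tree.
# Assumes Linux with GNU or busybox stat; all paths are scratch paths.

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits
group_of() { stat -c '%g' "$1"; }   # numeric owning group

# pick_group: a supplementary group of the caller when one exists, so the
# inheritance is visible; otherwise the primary group.
pick_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then echo "$g"; return; fi
    done
    echo "$primary"
}

# shared_tree_demo UMASK: create a setgid directory, then a file and a
# subdirectory under UMASK. Prints:
#   <dir mode> <file mode> <subdir mode> <file group == dir group: yes|no>
shared_tree_demo() {
    (
        top=$(mktemp -d) || exit 1
        trap 'rm -rf "$top"' EXIT
        mkdir "$top/share"
        chgrp "$(pick_group)" "$top/share" 2>/dev/null || true
        chmod 2775 "$top/share"          # rwxrwsr-x
        umask "$1"
        : > "$top/share/file"
        mkdir "$top/share/sub"
        same=no
        [ "$(group_of "$top/share/file")" = "$(group_of "$top/share")" ] && same=yes
        echo "$(mode_of "$top/share") $(mode_of "$top/share/file") $(mode_of "$top/share/sub") $same"
    )
}

shared_tree_demo 002    # group-writable file, setgid carried into sub
shared_tree_demo 022    # group still inherited, file not group-writable
```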