Mounting remote directories/shares

Lloyd Brown lloyd_brown at byu.edu
Thu Sep 26 08:16:18 MDT 2013


I could be wrong, but I'm pretty sure that the root_squash vs
no_root_squash, only has an effect on how root-owned files are viewed by
the remote NFS clients.  For example, if a file is owned by root:root,
and you leave root_squash enabled, *that* file will appear to be owned
by nobody:nobody, but files owned by non-root users (non-zero UIDs),
will be unaffected.

As far as what the general solution is for your situation, its going to
depend on how much control you have over the NFS clients.  If you have
full control, and can enforce the user-to-UID (and group-to-GID)
associations, then a simple NFSv3 server is probably the easiest thing
to do.  If you have people connecting with their own clients that they
control, and you can't guarantee those associations, then you're going
to need to look a little farther, for something with better client
security models.  Maybe Samba.  Maybe NFS with Kerberos.  I don't know
if NFSv4 has any security features like this or not.



Lloyd Brown
Systems Administrator
Fulton Supercomputing Lab
Brigham Young University
http://marylou.byu.edu

On 09/26/2013 01:48 AM, Dan Egli wrote:
> Unless there's some setting I can put in the /etc/exports file, my
> understanding is that NFS changes owners of files to nobody:nobody (unless
> no_root_squash is used, then it's root:root).


More information about the PLUG mailing list