Mounting remote directories/shares

Michael Torrie torriem at gmail.com
Thu Sep 26 08:32:35 MDT 2013


On 09/26/2013 01:48 AM, Dan Egli wrote:
> Hey pluggers, I seem to have run into a bit of a quandary on a personal
> project I'm designing. I'm hoping someone can help me out.
> 
> 
> 
> I have an external file server that I want to be able to keep a lot of
> files on. But I also want to maintain user permissions, so that, for
> example, user bo can see their files and what not, but could not see or
> affect user peep's files, who of course can't see or effect user bo's
> files. Unless there's some setting I can put in the /etc/exports file, my
> understanding is that NFS changes owners of files to nobody:nobody (unless
> no_root_squash is used, then it's root:root). Is there a way, perhaps in
> samba, to do this? It needs to maintain security per login, so if bo gets
> logged in, he can see his files, then if bo logs out and peep logs in, now
> that same computer (not the server) will show peep's files, and not bo's
> files.

Root squashing has nothing to do with ownership and permissions, which
are always preserved in nfs. It affects only the server's trust of the
client.  If root squashing is not disabled, then any claims by the
client that the user is root are squashed to nobody.  NFS absolutely
does maintain all permissions and ownerships.  That's kind of the whole
point of NFS!

NFS, though (at least NFSv3, the most common), is only secure if you
secure the client machines.  NFS trusts that the client is the user he
says he is (except for root which is squashed to nobody).  So if I'm
logged into a machine as bob, I can only access Bob's files and not
Alice's, but if I can sudo to root and then become the user alice, I can
now read and write
Alice's files.  So NFS is never secure if users on the client machine
have root access to their own machines.

NFSv4 changes things somewhat, if you add Kerberos to the mix.  I never
quite got around to learning how to set that up, but there are docs and
howtos out there.

Mounting via SMB is a possibility.  Samba does support the Unix security
model, so if your server and client are Linux, then you can get a
standard permission model with symlinks and everything.  But you'll have
to mount with a particular username and password.  There are PAM hacks
that can automatically mount a user's home directory after logging in,
but they have the weakness that if the login was done with a
non-password method (say a Kerberos ticket or an ssh key), then the
mount fails.  And also this method would keep the user's password in
memory in plain text, having snagged it from PAM, for a while, so mount
can use it.  Without snagging the password, the user would have to enter
his password twice, once for login and once for the mount.


More information about the PLUG mailing list