Mounting an NFS file system by changing default owner

Create the user and group admin with a non-interactive shell on the NFS server, assuming that the admin user and group exist on the NFS client. The non-interactive shell option will prevent admin at the NFS client from gaining access to the NFS server. It works because NFS maps the uid and gid of the server with its clients, so any file permissions assigned to the exported directories will remain intact as long as the uid and gid match between the server and client for the admin user and group. ACL is an NFSv3-specific option.

Note down the admin uid and gid (primary) on the client machine and use them to create an account on the NFS server. For example, uid|gid of admin on the client machine = 502.

NFS Server:

As root user:

useradd -u 502 -s /sbin/nologin admin
mkdir /portalweb
chmod 770 /portalweb
chown admin /portalweb
chgrp admin /portalweb
ls -ld /portalweb
getfacl /portalweb

You can allow collaboration among admin group members through the setgid bit placed on the /portalweb directory.

vim /etc/exports
     /portalweb 192.168.2.149(ro,sync,root_squash)
:wq

exportfs -rv

NFS Client:

As root user:

mkdir /cert
vim /etc/fstab
192.168.2.149:/portalweb /cert nfs ro,nfsvers=4 0 0
:wq

mount -a
df -h -F nfs
mount | grep nfs
      192.168.1.71:/exports on /cert type nfs (ro,nfsvers=4,addr=192.168.2.49,clientaddr=192.168.2.50)

The root user cannot access the files in /cert, because root has been squashed to the user and group "nobody" (see /etc/exports on the NFS server). But root has the privilege to mount the NFS exports on the client machine by default. If you prefer to use the autofs service, normal users like admin do not have the privilege to set up automounting of NFS directories using autofs, unless they have been given special administrator privileges, such as sudo users.

ls -ld /cert 
      drwxrwx---. 12 admin admin 4096 Dec 10 /cert
ls /cert
      ls: cannot open directory /cert: Permission denied
su - admin

As the admin user (only the admin user, or the admin group if properly configured with uids matching between client and server, can access the /cert contents):

ls /cert

As any other user:

ls /cert
   ls: cannot open directory /cert: Permission denied
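
The answer above depends on the numeric uid and gid matching between server and client. The following is an added example, not part of the original answer, that compares passwd entries from both hosts and reports which client account actually presents a given server-side uid. The function names and the sample entries for backup and deploy are constructed for illustration, and it assumes the export uses the default numeric-credential (sec=sys) behaviour.

```sh
#!/bin/sh
# Constructed passwd(5)-format samples, e.g. saved from `getent passwd` on each host.
server_passwd='admin:x:502:502::/home/admin:/sbin/nologin
backup:x:503:503::/home/backup:/sbin/nologin'
client_passwd='admin:x:502:502::/home/admin:/bin/bash
backup:x:510:510::/home/backup:/bin/bash
deploy:x:503:503::/home/deploy:/bin/bash'

# lookup_ids NAME PASSWD_TEXT: print "uid:gid" for NAME, or nothing if absent.
lookup_ids() {
    printf '%s\n' "$2" | awk -F: -v n="$1" '$1 == n { print $3 ":" $4; exit }'
}

# name_for_uid UID PASSWD_TEXT: print the account that owns the numeric UID.
name_for_uid() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$3 == u { print $1; exit }'
}

# check_mapping NAME SERVER_PASSWD CLIENT_PASSWD (hypothetical helper)
# Returns 0 if uid:gid agree, 1 on mismatch, 2 if the account is missing on a side.
check_mapping() {
    name=$1
    srv=$(lookup_ids "$name" "$2")
    cli=$(lookup_ids "$name" "$3")
    if [ -z "$srv" ] || [ -z "$cli" ]; then
        echo "MISSING $name server=${srv:-none} client=${cli:-none}"
        return 2
    fi
    if [ "$srv" = "$cli" ]; then
        echo "OK $name $srv"
        return 0
    fi
    # The server sees only numbers: report which client account really
    # presents the server-side uid and so inherits the file permissions.
    holder=$(name_for_uid "${srv%%:*}" "$3")
    echo "MISMATCH $name server=$srv client=$cli client_holder_of_server_uid=${holder:-none}"
    return 1
}

for account in admin backup; do
    check_mapping "$account" "$server_passwd" "$client_passwd" || true
done
```

In the constructed data, backup has the same name on both hosts but different ids, so files owned by backup on the server would be accessible on the client to deploy, the account that holds uid 503 there.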
Author by

user3744406

Updated on September 18, 2022

Comments

  • user3744406 over 1 year

    I want to mount an NFS file system with user/group ownership of <admin>. How can it be done?

    mkdir /cert
    chown admin.admin /cert
    mount -t nfs 192.168.2.149:/portalweb /cert/