Posted by: isaraffee | April 21, 2010

Issues on UIDs of NFS server and client


On the NFS client

root@ismail-laptop:~# grep ismail /etc/passwd

ismail:x:1000:1000:ismail,,,:/home/ismail:/bin/bash

On the NFS server

root:# grep ismail /etc/passwd

ismail:x:1001:100::/home/ismail:

The user has a different UID on the server than on the client. Let’s see if this affects file sharing.

On the nfs client

# mount -t nfs 172.16.0.1:/home/ismail /home/ismail

# mount

172.16.0.1:/home/ismail on /home/ismail type nfs (rw,addr=172.16.0.1)

Access the share and try to edit the files

On the client, the user can view the file but is unable to edit it.

So now I will try to change the UID to 1001

On the client, I first have to move the user who currently has UID 1001 to a different UID

# usermod -u 1005 idris

Now I assign the user ismail the UID 1001

root@ismail-laptop:/home/ismail# grep ismail /etc/passwd

ismail:x:1001:1000:ismail,,,:/home/ismail:/bin/bash

Now that the UID is the same, let’s try to edit the shared file

ismail@ismail-laptop:~$ vi ismailfile

good job

yes I need to change the UID to edit the file

Yes the user can now edit the shared file.
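The check below is an added example, not part of the original post: since the NFS mount above matched the user by numeric UID rather than by name, it compares a client and a server passwd file and reports names whose UIDs differ and UIDs that belong to different names. The function names, file names and the sample fields other than the UIDs shown in the post are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare passwd files from an
# NFS client and server and report accounts that would be confused by UID.

# uid_audit CLIENT_PASSWD SERVER_PASSWD
#   MISMATCH  name client_uid server_uid    same name, different UID
#   COLLISION uid client_name server_name   same UID, different name
uid_audit() {
    awk -F: '
        /^#/ || NF < 3 { next }                      # skip comments, junk
        FILENAME == ARGV[1] {                        # first file: server
            suid[$1] = $3; sname[$3] = $1; next
        }
        {                                            # second file: client
            if (($1 in suid) && suid[$1] != $3)
                print "MISMATCH", $1, $3, suid[$1]
            if (($3 in sname) && sname[$3] != $1)
                print "COLLISION", $3, $1, sname[$3]
        }
    ' "$2" "$1"
}

# Constructed sample data. UIDs follow the post (ismail 1000 on the client,
# 1001 on the server; idris 1001 on the client); other fields are assumed.
make_samples() {
    cat > "$1/client.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ismail:x:1000:1000:ismail,,,:/home/ismail:/bin/bash
idris:x:1001:1001::/home/idris:/bin/bash
EOF
    cat > "$1/server.passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
ismail:x:1001:100::/home/ismail:
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
uid_audit "$tmp/client.passwd" "$tmp/server.passwd"
rm -rf "$tmp"
```

The COLLISION line is the one to look at first: before the UIDs were changed, client user idris held the UID that the server assigns to ismail.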

Making NFS share called “portsmouth”

On the NFS server and in my case Vector Linux

root:# mkdir /portsmouth

root:# chmod 1777 /portsmouth/

root:# ls -ld /portsmouth/

drwxrwxrwt 2 root root 4096 2010-02-24 12:11 /portsmouth//

Now the portsmouth directory only allows users to edit their own files. Furthermore, because the sticky bit is set, users cannot delete files that do not belong to them.

On the NFS server, which again is Vector Linux in my case, set up the directories to be shared.

root:# vi /etc/exports

/portsmouth 172.16.0.2/255.255.0.0(rw,root_squash)

Then type:

root:# exportfs -v -a

exporting 172.16.0.2/255.255.0.0:/root/Desktop/TopHits

exporting 172.16.0.2/255.255.0.0:/home/ismail

exporting 172.16.0.2/255.255.0.0:/portsmouth

Restart the NFS server

root:# ./rc.nfsd start

Starting RPC portmapper: /sbin/rpc.portmap

Starting RPC kernel lockd process: /sbin/rpc.lockd

Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd

Starting NFS server daemons:

/usr/sbin/exportfs -r

/usr/sbin/rpc.rquotad

/usr/sbin/rpc.nfsd 8

/usr/sbin/rpc.mountd

Note that in my case I do not need to restart the portmap service

Now let’s configure NFS on Ubuntu. I will use Ubuntu as the NFS server and the NFS client.

The portmap script is found at /etc/rc.d/init.d

/./portmap

On the NFS client, make directory so that users will access their files.

root@ismail-laptop:/mnt# mkdir portsmouth

root@ismail-laptop:/mnt# ll portsmouth/

total 0

root@ismail-laptop:/mnt# ll -d portsmouth/

drwxr-xr-x 2 root root 4096 2010-02-24 14:41 portsmouth/

Now mount the share

root@ismail-laptop:~# mount -t nfs 172.16.0.1:/portsmouth /mnt/portsmouth/

root@ismail-laptop:~# mount

/dev/sda1 on / type ext3 (rw,relatime,errors=remount-ro)

<information truncated for brevity>

172.16.0.1:/portsmouth on /mnt/portsmouth type nfs (rw,addr=172.16.0.1)

Now try to create files and try to delete other users’ files

root@ismail-laptop:~# su - idris

idris@ismail-laptop:~$ pwd

/home/idris

idris@ismail-laptop:~$ cd /mnt/portsmouth/

idris@ismail-laptop:/mnt/portsmouth$ ls -l

total 8

-rw-r--r-- 1 ismail ismail 5 2010-02-24 15:13 ismail_recipes

-rw-r--r-- 1 ismail users 5 2010-02-24 15:11 ismail_secrets

idris@ismail-laptop:/mnt/portsmouth$ rm ismail_recipes

rm: remove write-protected regular file `ismail_recipes'? y

rm: cannot remove `ismail_recipes': Operation not permitted

User idris cannot remove ismail’s files

Note

The sticky bit is set on the NFS server, not the client

This is what it looks like on the NFS server

root:# ls -ld portsmouth/

drwxrwxrwt 2 root root 4096 2010-02-24 15:13 portsmouth//

And after you mount on the client, it appears that the sticky bit is set automatically by NFS

idris@ismail-laptop:~$ ls -ld /mnt/portsmouth/

drwxrwxrwt 2 root root 4096 2010-02-24 15:13 /mnt/portsmouth/

Important Notes

When you mount an NFS share on the client, the user on the client thinks that he or she is creating files on the local machine, but in fact the files all reside on the NFS server. Once you unmount the NFS share, the user's files are not in his or her home directory on the client; they are found on the NFS server.
