Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: nfs permissions
Top Forums UNIX for Advanced & Expert Users nfs permissions Post 84053 by RTM on Wednesday 21st of September 2005 12:39:12 PM
Old 09-21-2005
According to the man page, the netgroup only looks at the host, not users for the exports file.

Quote:
netgroups
NIS netgroups may be given as @group. Only the host part of
each netgroup members is consider in checking for membership.
Empty host parts or those containing a single dash (-) are
ignored.
So, if you have NIS set that trusted_group is a group (that user A and B belong to), it won't work. Although the man page also states that the format of /etc/exports is similar to SunOS, I don't recall if you can add a user or group of users in the older version under SunOS.

Change your entry to share it out to specific servers with rw. Then, you may be able to change the permissions and group ownership so that only those two users (belonging to a certain group) can have rw - all others read-only. Not sure if that will work or not. Worth a shot.
 

10 More Discussions You Might Find Interesting

1. HP-UX

nfs export permissions

Hello, If I have an export like: /usr/temp -rw=ram:alligator means that /usr/temp has "rw" permissions to ram and alligator machines and has "ro" to everyone else? (1 Reply)
Discussion started by: psimoes79
1 Replies

2. Solaris

NFS mount. Nobody Nobody permissions.

Hi, I have an NFS mount on a Solaris 10 server with file permissions nobody:nobody. This is an NFS export from an Netapp filer. Export attributes from the filer are below. Anonymous User ID=0 Read-Write Access (All Hosts) Security (sys) I have other NFS exports set up with the same... (7 Replies)
Discussion started by: gwhelan
7 Replies

3. Solaris

Permissions on NFS mount

I am mounting a directory remotely but I am not able to write to the NFS mount. I am using the following commands to share and mount the file system: On source server in DFStab file share -F nfs -o rw -d "IWStore" /iw-store On the client I am mounting like this: mount -F nfs -o rw... (4 Replies)
Discussion started by: wstclair
4 Replies

4. AIX

NFS mounts and user permissions

We need to allow ordinary users to preform NFS mounts on a AIX server without giving them root access to the server. Is there a way to give an ordinary users root access on a tem basis or a script to allow them to preform NFS mounts? (4 Replies)
Discussion started by: daveisme
4 Replies

5. Solaris

NFS Mount permissions weird

Hi all. I have a nas mounted on a solaris box as /u04. Currently I am getting a permission denied error from my HP DataProtector backup and when I ls -l the actual directory I get: drwxrwxrwt 5 65535 nogroup 4096 Nov 9 13:46 u04 I also have SAN mounted as /u06 and it is... (1 Reply)
Discussion started by: jamie_collins
1 Replies

6. Shell Programming and Scripting

Issue with changing the permissions on an nfs mount

Hi All, I have an nfs share which I mounted to my linux machine as below. df -k output TSDapp-na-02:/vol/tsd_app_1/rn_jira 47185920 11663072 35522848 25% /opt/rn_jira I have no entry for this in my /etc/fstab. I did it by the following way. mount -t nfs... (2 Replies)
Discussion started by: Tuxidow
2 Replies

7. UNIX for Advanced & Expert Users

[Solved] nfs share permissions with java

Please bare with me while I try to explain this weird problem. We are exporting a filesystem from an aix box to two linux boxes. On the linux box a java-weblogic application hits the share. For explanation benefits I'll describe the users thus. aix filesystem owned by userA in groupA on... (2 Replies)
Discussion started by: fwellers
2 Replies

8. UNIX for Dummies Questions & Answers

Permissions for NFS share

Hi, I have created a NFS share in Solaris 10 server1 and mounted it on solaris 10 server 2.But I want to change owner of the files from nobody to a particular user in client. Which command should I use. I have tried the following but it doesn't allow to change permissions in the server2 as... (0 Replies)
Discussion started by: Rossdba
0 Replies

9. Solaris

Problem exporting NFS filesysytem with root permissions to Linux

Hi, I have a Solaris 10 server and I want to export a filesystem to a linux client and give the client's root user root priviliges on the filesystem. The client is an ubuntu 14.04 LTS server. the dfstab on the server looks lik this: /usr/sbin/share -F nfs -o ... (1 Reply)
Discussion started by: nvanvliet
1 Replies

10. Red Hat

RHEL 7.1 autofs permissions do not match NFS servers

RHEL 7.1 client using autofs to mount a NIS map of home directories being exported by a Solaris 10x86 nfs server. The owner and group are correct on the NFS server, but on the RHEL client, the owner and group end up being nobody nobody. The USERS and GROUPS are NIS maps as well. They are... (2 Replies)
Discussion started by: mrmurdock
2 Replies

LEARN ABOUT SUNOS

netgroup

netgroup(4)															       netgroup(4)

NAME

       netgroup - list of network groups

SYNOPSIS

       /etc/netgroup

       A  netgroup  defines  a	network-wide group of hosts and users. Use a netgroup to restrict access to shared NFS filesystems and to restrict
       remote login and shell access.

       Network groups are stored in a network information services, such as LDAP, NIS, or NIS+, not in a local file.

       This manual page describes the format for a file that is used to supply input to a program such as ldapaddent(1M) for LDAP, makedbm(1M) for
       NIS, or nisaddent(1M) for NIS+.	These programs build maps or tables used by their corresponding network information services.

       Each line of the file defines the name and membership of a network group. The line should have the format:

       groupname     member...

       The items on a line can be separated by a combination of one or more spaces or tabs.

       The  groupname  is  the	name of the group being defined. This is followed by a list of members of the group. Each member is either another
       group name, all of whose members are to be included in the group being defined, or a triple of the form:

       (hostname,username,domainname)

       In each triple, any of the three fields hostname, username, and domainname, can be empty. An empty field signifies a wildcard that  matches
       any value in that field. Thus:

       everything (,,this.domain)

       defines a group named "everything" for the domain "this.domain" to which every host and user belongs.

       The  domainname	field refers to the domain in which the triple is valid, not the domain containing the host or user. In fact, applications
       using netgroup generally do not check the domainname. Therefore, using

       (,,domain)

       is equivalent to

       (,,)

       You can also use netgroups to  control  NFS  mount  access  (see  share_nfs(1M))  and  to  control  remote  login  and  shell  access  (see
       hosts.equiv(4)). You can also use them to control local login access (see passwd(4), shadow(4), and compat in nsswitch.conf(4)).

       When  used  for these purposes, a host is considered a member of a netgroup if the netgroup contains any triple in which the hostname field
       matches the name of the host requesting access and the domainname field matches the domain of the host controlling access.

       Similarly, a user is considered a member of a netgroup if the netgroup contains any triple in which the username field matches the name	of
       the user requesting access and the domainname field matches the domain of the host controlling access.

       Note  that when netgroups are used to control NFS mount access, access is granted depending only on whether the requesting host is a member
       of the netgroup. Remote login and shell access can be controlled both on the basis of host and user membership in separate netgroups.

       /etc/netgroup	       Used by a network information service's utility to construct a map or table that contains netgroup information. For
			       example, ldapaddent(1M) uses /etc/netgroup to construct an LDAP container.

       Note  that  the	netgroup information must always be stored in a network information service, such as LDAP, NIS, or NIS+. The local file is
       only used to construct a map or table for the network information service. It is never consulted directly.

       nis+(1), ldapaddent(1M), makedbm(1M), nisaddent(1M), share_nfs(1M), innetgr(3C),  hosts(4),  hosts.equiv(4),  nsswitch.conf(4),	passwd(4),
       shadow(4)

       netgroup requires a network information service such as LDAP, NIS, or NIS+.

       Applications may make general membership tests using the innetgr() function. See innetgr(3C).

       Because the "-" character will not match any specific username or hostname, it is commonly used as a placeholder that will match only wild-
       carded membership queries. So, for example:

       onlyhosts (host1,-,our.domain) (host2,-,our.domain)
       onlyusers (-,john,our.domain) (-,linda,our.domain)

       effectively define netgroups containing only hosts and only users, respectively. Any other string that is guaranteed  not  to  be  a  legal
       username or hostname will also suffice for this purpose.

       Use of placeholders will improve search performance.

       When  a	machine  with  multiple  interfaces  and  multiple names is defined as a member of a netgroup, one must list all of the names. See
       hosts(4). A manageable way to do this is to define a netgroup containing all of the machine names. For example, for a host  "gateway"  that
       has names "gateway-subnet1" and "gateway-subnet2" one may define the netgroup:

       gateway (gateway-subnet1,,our.domain) (gateway-subnet2,,our.domain)

       and use this netgroup "gateway" whenever the host is to be included in another netgroup.

								    22 Jul 2004 						       netgroup(4)
All times are GMT -4. The time now is 09:36 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy