Quote:
Originally Posted by
alvinoo
Hi Aia,
So that means I just need to call /share from another node within the same subnet and it will work for your nfs sharing mode method?
---------- Post updated at 05:57 AM ---------- Previous update was at 01:54 AM ----------
Hi there,
Is it possible to specific the NFS security restricted to particular host and by UID and GID?
Another thing is what is the difference between root squashing, nosuid, noexec options?
How do I access through UID and GID through manipulation?
Hello,
Root squash
Root squash is a reduction of the access rights for the remote superuser (root) when using identity authentication
(local user is the same as remote user). It is primarily a feature of NFS but may be available on other systems as well.
This problem arises when a remote file system is shared by multiple users. These users belong to one or multiple groups.
In Unix, every file and folder normally has separate permissions (read, write, execute) for the owner
(normally the creator of the file), for the group to which the owner belongs, and for the "world" (all other users).
This allows restriction of read and write access only to the authorized users while in general the NFS server must also be protected by firewall.
A superuser has more rights than an ordinary user, being able to change the file ownership, set arbitrary permissions, and
access all protected content. Even users that do need to have root access to individual workstations may not be authorized
for the similar actions on a shared file system. Root squash reduces rights of the remote root, making one no longer superuser.
On UNIX like systems, root squash option can be turned on and off in /etc/exports file on a server side.
After implementing the root squash, the authorized superuser performs restricted actions after logging into an NFS server directly
and not just by mounting the exported NFS folder.
2nd:
the nosuid, noexec and others are options which you can pass to the mount command (which performs the actual mounting).
Regards
