zlacker

[return to "NFS: The Early Years"]
1. hsbaua+Hv[view] [source] 2022-06-21 02:59:17
>>chmayn+(OP)
I’ve never really understood how permissions are supposed to work with NFS - are user IDs supposed to be consistent across systems?

Is there a sane easy way to implement authentication? Last Time I tried iirc my options were LDAP or nil.

◧◩
2. chasil+lw[view] [source] 2022-06-21 03:07:11
>>hsbaua+Hv
Under NFSv2 and NFSv3, the numeric user and group id is used to determine permission, and these must be aligned between the client and server. I have an oracle uid 60 on an older system that maps as elcaro on an NFS client (because I have a different oracle user there as uid 54321).

Under NFSv4, direct uid/gid is no longer used, but the RPC.idmapd process determines privilege. I'm not really sure how it works beyond continuing to work when uid/gid synchronization is in place for NFSv3 and the connection is upgraded.

There is also an NFS ACL standard, but I don't know anything about it.

◧◩◪
3. jjoona+4H[view] [source] 2022-06-21 04:56:48
>>chasil+lw
> these must be aligned between the client and server

looooool

(Seriously, though, could someone tell me why this was supposed to make sense?)

◧◩◪◨
4. neilv+441[view] [source] 2022-06-21 08:04:58
>>jjoona+4H
At the time, Sun NFS clients would receive equivalents of `/etc/passwd` over the network, using the YP service (later renamed NIS).

Like much of Unix, it was worse-is-better, and pretty productive for a site. (Well, until there was a problem reaching the NFS server, or until there was a problem with an application license manager that everyone needed.)

[go to top]