[return to "NFS: The Early Years"]
1. hsbaua+Hv 2022-06-21 02:59:17
>>chmayn+(OP)
I’ve never really understood how permissions are supposed to work with NFS - are user IDs supposed to be consistent across systems?

Is there a sane, easy way to implement authentication? Last time I tried, iirc, my options were LDAP or nil.

2. chasil+lw 2022-06-21 03:07:11
>>hsbaua+Hv
Under NFSv2 and NFSv3, the numeric user and group id is used to determine permission, and these must be aligned between the client and server. I have an oracle uid 60 on an older system that maps as elcaro on an NFS client (because I have a different oracle user there as uid 54321).

Under NFSv4, direct uid/gid is no longer used, but the rpc.idmapd process determines privilege. I'm not really sure how it works beyond continuing to work when uid/gid synchronization is in place for NFSv3 and the connection is upgraded.

There is also an NFS ACL standard, but I don't know anything about it.

3. geertj+jL1 2022-06-21 14:11:27
>>chasil+lw
> Under NFSv2 and NFSv3, the numeric user and group id is used to determine permission, and these must be aligned between the client and server.

Technically the server doesn't need to have a UID/GID database that's aligned with the client; what's required is that all clients of the same server are aligned. The server will take the numerical UID/GIDs from the RPC sent by the client and perform POSIX-style permission checks using the owner UID, owner GID, and mode bits stored in the inode of the file or directory. The server doesn't need to know what user the UID corresponds to.
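
Added example, not part of the original thread: a small Python model of the check described in the comment above. It decodes the AUTH_SYS credential body a client sends (XDR layout per RFC 5531) and applies owner/group/other mode bits by number alone. The inode, host names and credentials are constructed; uids 60 and 54321 are the ones mentioned upthread; root handling and squashing are left out.

```python
import struct

def pack_authsys(stamp, machine, uid, gid, gids):
    """XDR-encode an AUTH_SYS credential body (RFC 5531, appendix A)."""
    name = machine.encode()
    pad = (4 - len(name) % 4) % 4            # XDR strings are padded to 4 bytes
    return (struct.pack(">II", stamp, len(name)) + name + b"\0" * pad
            + struct.pack(">III", uid, gid, len(gids))
            + struct.pack(f">{len(gids)}I", *gids))

def parse_authsys(body):
    """Decode a credential body into (machine, uid, gid, gids)."""
    _stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machinename longer than 255 bytes")
    machine = body[8:8 + nlen].decode()
    off = 8 + ((nlen + 3) & ~3)              # skip name plus padding
    uid, gid, ngids = struct.unpack_from(">III", body, off)
    if ngids > 16:
        raise ValueError("more than 16 supplementary gids")
    gids = struct.unpack_from(f">{ngids}I", body, off + 12)
    return machine, uid, gid, list(gids)

def access_allowed(inode, uid, gid, gids, want):
    """POSIX-style check on numeric ids only; want is an rwx bit mask."""
    if uid == inode["uid"]:
        bits = inode["mode"] >> 6            # owner class
    elif inode["gid"] == gid or inode["gid"] in gids:
        bits = inode["mode"] >> 3            # group class
    else:
        bits = inode["mode"]                 # other class
    return (bits & 7 & want) == want

R, W = 4, 2
# Constructed inode as stored on the server: owner uid 60, gid 500, mode 0640.
INODE = {"uid": 60, "gid": 500, "mode": 0o640}

def server_decision(cred_body, want):
    """The server never looks up a user name; it only compares numbers."""
    _machine, uid, gid, gids = parse_authsys(cred_body)
    return access_allowed(INODE, uid, gid, gids, want)

# Constructed credentials from two hypothetical clients with different uid maps.
CLIENT_A_ORACLE = pack_authsys(1, "client-a", 60, 500, [500])
CLIENT_B_ORACLE = pack_authsys(2, "client-b", 54321, 54321, [54321])
CLIENT_B_UID60 = pack_authsys(3, "client-b", 60, 100, [100])  # unrelated account
```

On client-b the account that happens to hold uid 60 gets the owner's access while that host's own oracle account (54321) is denied, which is the misalignment between clients the comment describes.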
