0

Let's say I have an NFS /home on my server that gets mounted on boot by clients (EDIT: on their own machines -- locally), in order to have a common /home for my clients; this way they automatically save whatever they are doing (EDIT: locally on their machines) to the server.

I am using LDAP/Kerberos for authentication. How do I chown /home/userdir directories to the user without having such an entry in passwd on the server?

My assumption is that since NFS keeps permissions for directories as is, users will not be able to access other users' home directories, and as such, I'd have a secure shared /home directory.

Am I on the right track?

Thank you for all your suggestions!

Aroll605
  • Look into FreeIPA if you're setting up LDAP/Kerberos, as it handles much of the heavy lifting for you. Including this. – Michael Hampton Oct 07 '14 at 23:25
  • Thank you! It looks great as a quick solution, but I'd like to understand the internal workings of the system before I use scripts to accomplish a task :) – Aroll605 Oct 08 '14 at 01:58

1 Answer

5

If you don't have LDAP configured on the NFS server, you lack the username <--> UID and groupname <--> GID number mappings there. No problem: you can simply use the numerical UID and GID values in chown.

Normally, though, you really should have LDAP and Kerberos enabled on the NFS server, as that not only allows you to use the user and group names in chown, it also enables secure NFSv4 with Kerberos, a significant step up in security.

HBruijn
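
The numeric chown from the answer above, as an added example that is not part of the original post: it creates each home directory with a numeric owner and mode 0700 and rejects map entries that are not plain numbers. The map format ("name uid gid" per line, copied from the LDAP uidNumber/gidNumber attributes), the function names and the sample IDs are assumptions.

```shell
#!/bin/sh
# Added example (not from the post). Assumed map format: one
# "dirname uid gid" line per user, numbers taken from LDAP.

DRY_RUN=${DRY_RUN:-1}   # 1 = only print what would be done

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# is_id VALUE: true only for a plain decimal number. chown treats anything
# else as a name, and the server has no passwd entry to resolve it.
is_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# set_home_owner BASE NAME UID GID: create BASE/NAME owned by UID:GID, mode 0700.
set_home_owner() {
    h_base=$1 h_name=$2 h_uid=$3 h_gid=$4
    case "$h_name" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) echo "bad name: $h_name" >&2; return 1 ;;
    esac
    if ! is_id "$h_uid" || ! is_id "$h_gid"; then
        echo "non-numeric id for $h_name" >&2; return 1
    fi
    # Never hand a home directory to root through a bad map entry.
    if [ "$h_uid" -eq 0 ]; then echo "uid 0 refused for $h_name" >&2; return 1; fi
    run mkdir -p -- "$h_base/$h_name" &&
    run chown -- "$h_uid:$h_gid" "$h_base/$h_name" &&
    run chmod 0700 -- "$h_base/$h_name"
}

# apply_map BASE: read "name uid gid" lines from stdin, skipping blank lines
# and comments; returns non-zero if any line was rejected.
apply_map() {
    rc=0
    while read -r m_name m_uid m_gid; do
        case "$m_name" in ''|'#'*) continue ;; esac
        set_home_owner "$1" "$m_name" "$m_uid" "$m_gid" || rc=1
    done
    return $rc
}
```

On an export using sec=sys the server trusts whatever UID the client sends, so these 0700 directories separate users only on clients you control; the Kerberos-secured NFSv4 the answer recommends authenticates each user instead.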