6

I have a large NFS shared storage system in my equipment rack. My operation is bringing up a number of other Linux systems that use the NFS system as the primary production storage.

Sometimes the storage is shared, and I also want to be able to bring up and import various VMs as projects proceed. The problem I see developing is that NFS does not attempt to qualify the authentication of its client systems' users. If UID=1234 is Alice on one system and another uses UID=1234 for Bob, their file permissions on the file system are the same as far as the NFS system is concerned.

How is this problem generally handled in the NFS world?

AlanObject

1 Answer

6

In medium to large organizations, we usually use central directories (LDAP, NIS, NISplus, etc.) to store/share users across systems (and therefore UIDs are the same everywhere).

If you don't, you need to put some kind of "conventions" in place on your systems: if possible, keep the same UIDs on every system, reserve "ranges" and use them, and keep an inventory of them.

In the meantime, to fix your problem, I think it depends on the number of systems you have: if you don't have many systems, are you able to change the user IDs on every system? (And you will have to do some chmods here and there.)

If that is not possible, I don't think you have many solutions; either:

  • Chmod the folders on your NFS shares with larger permissions.
  • Use groups (the easiest solution): create new groups on your systems, put your users in them, and use these groups and group permissions on your shares. It will limit the risk. When creating these groups, use the same GIDs on every system :) That way, even if your users have different UIDs, at least you have the same GIDs accessing the shares, and you can easily manage your access rights like that.
olivierg
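As an added example (not part of the answer above), one way to build the UID/GID inventory it recommends is to collect `/etc/passwd` and `/etc/group` from every NFS client and flag IDs that belong to different names on different hosts. The host names, the sample file contents and the `min_id=1000` cut-off for ordinary accounts are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: /etc/passwd contents as collected from two NFS clients.
PASSWD = {
    "build01": "root:x:0:0:root:/root:/bin/bash\n"
               "alice:x:1234:1234:Alice:/home/alice:/bin/bash\n"
               "carol:x:1300:1300:Carol:/home/carol:/bin/bash\n",
    "vm-proj7": "root:x:0:0:root:/root:/bin/bash\n"
                "# imported VM image\n"
                "bob:x:1234:1234:Bob:/home/bob:/bin/bash\n"
                "carol:x:1301:1301:Carol:/home/carol:/bin/bash\n",
}

def parse_ids(text, min_id=1000):
    """Yield (name, id) from passwd- or group-format text; field 3 is the ID in both."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry or NIS compat line (+/-)
        if int(fields[2]) >= min_id:  # assumption: lower IDs are local system accounts
            yield fields[0], int(fields[2])

def audit(files, min_id=1000):
    """Return (id_clashes, name_drift).
    id_clashes: id -> {name: [hosts]} where one ID belongs to different names.
    name_drift: name -> {id: [hosts]} where one name has different IDs."""
    by_id = defaultdict(lambda: defaultdict(list))
    by_name = defaultdict(lambda: defaultdict(list))
    for host, text in sorted(files.items()):
        for name, ident in parse_ids(text, min_id):
            by_id[ident][name].append(host)
            by_name[name][ident].append(host)
    clashes = {i: dict(n) for i, n in by_id.items() if len(n) > 1}
    drift = {n: dict(i) for n, i in by_name.items() if len(i) > 1}
    return clashes, drift

if __name__ == "__main__":
    clashes, drift = audit(PASSWD)
    for ident, names in sorted(clashes.items()):
        print(f"ID {ident} maps to different names: {names}")
    for name, ids in sorted(drift.items()):
        print(f"name {name} has different IDs: {ids}")
```

An ID clash means two different people get identical access on the export; name drift means one person's files appear to belong to someone else (or to nobody) depending on the client.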