bad file permissions on NFS shares ( share all nfs with a fixed user)

por | 10 enero, 2013

I have found the best way to combat bad file permissions on NFS shares, only do this if you don’t care for security.

in /etc/exports add the option

Code:
all_squash

This will by default force permissions of all creations and accesses to the uid 65534 and the gid 65534, if you wish to specify the user id and the group id to use instead of this, just add the following:

Code:
anonuid=XXXX,anongid=XXXX

where XXXX is the ID, not the name, of the user/group you wish to force.

Under Debian/Ubuntu, by default the first user & group id is 1000:1000, so you could use the following

Code:
all_squash,anonuid=1000,anongid=1000

Then on your NFS share, be sure to fix the permissions of all the existing files if there is any, this MUST be done on the NFS server, the NFS server by default will squash root operations originating from a client.

Code:
$ sudo chown -R 1000:1000 /path/to/nfs/share

Very simple to fix, much easier then setting up samba even still, and works much better when serving to a linux machine.

For those that are interested, my /etc/exports contains:

Code:
/media/BulkData 192.168.0.0/24(rw,async,no_subtree_check,all_squash)

And my files are ALL owned by 65534:65534, which under Debian & Ubuntu are «nobody:nogroup».

Ejemplo:

/downloads    192.168.1.0/255.255.255.0(rw,insecure,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000)