'no_root_squash'에 해당되는 글 1건

  1. 2011.08.03 cp: `./filename'의 소유자 검출 실패: Operation not permitted
프로그램 사용/nfs2011. 8. 3. 14:50
NFS로 마운트 하고 나서 보기에는 문제가 없어 보이지만
실제로 파일을 복사해 넣으려고 하면 위와 같은 에러가 발생한다.

sudo cp 를 해도 여전히 문제가 해결되지 않는데 이는 NFS의 권한 문제 때문이다. 

cat /etc/exports
/home (rw)

라고만 nfs를 공유할 경우,
기본값으로 root_squash  옵션이 들어가며, 이런 이유로 rw가 들어가더라도 권한이 맞지 않아 파일을 생성할 수 없게 된다. 
(anonymous 권한으로 설정이 되는데, 이러한 이유로 nobody:nogroup 권한으로 파일이 생성되며, other 권한이 rw- 일 경우 제한적으로 파일이 생성되기도 한다. 물론 디렉토리 권한한 기본 퍼미션 마스크를 따르기 때문에 하위 디렉토리 부터는 안될수도 있다)

User ID Mapping

nfsd bases its access control to files on the server machine on the uid and gid provided in each NFS RPC request. The normal behavior a user would expect is that she can access her files on the server just as she would on a normal file system. This requires that the same uids and gids are used on the client and the server machine. This is not always true, nor is it always desirable.
Very often, it is not desirable that the root user on a client machine is also treated as root when accessing files on the NFS server. To this end, uid 0 is normally mapped to a different id: the so-called anonymous or nobody uid. This mode of operation (called 'root squashing') is the default, and can be turned off with no_root_squash.

By default, exportfs chooses a uid and gid of 65534 for squashed access. These values can also be overridden by the anonuid and anongid options. Finally, you can map all user requests to the anonymous uid by specifying the all_squash option.

Here's the complete list of mapping options:

Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids that might be equally sensitive, such as user bin.
Turn off root squashing. This option is mainly useful for diskless clients.
Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting.
anonuid and anongid
These options explicitly set the uid and gid of the anonymous account. This option is primarily useful for PC/NFS clients, where you might want all requests appear to be from one user. As an example, consider the export entry for /home/joe in the example section below, which maps all requests to uid 150 (which is supposedly that of user joe). 

[링크 : http://linux.die.net/man/5/exports 

'프로그램 사용 > nfs' 카테고리의 다른 글

ubuntu nfs 지원  (4) 2012.06.06
conflict of nfs file lock and samba  (0) 2011.08.04
NFS를 외부에서 접속하기 (공유기를 거쳐)  (0) 2011.07.29
nfs 보안  (2) 2011.06.24
NFS 왜 안될까?  (0) 2010.02.17
Posted by 구차니