NFSv4 and root access

Matt Garman matthew.garman at gmail.com
Tue Jun 3 12:20:04 EDT 2014


On Tue, Jun 3, 2014 at 10:57 AM, Jaap <jwinius at umrk.nl> wrote:
> On Tue, 03 Jun 2014 10:08:29 -0500, Matt Garman wrote:
>
>> ... on my nfs client machines (which is several dozen), I
>> haven't even touched the /etc/idmapd.conf file.
>
> That's interesting. However, my experience is that if I don't run
> rpc.idmapd on the clients with at least "Domain = <mydomain>" in
> idmapd.conf, the files and directories in my mounted exports are all
> owned by nobody.nogroup. How do you prevent that?

Sorry, my mistake, you are correct.  Indeed, I *do* modify the
/etc/idmapd.conf files on all the client machines.  (This is done via
an automatic setup script when building up client machines, so it
slipped my mind.)

So, now, looking at the diff of my custom client-side /etc/idmapd.conf
versus my distro (CentOS 5.7) default, I make the following changes:

Domain = <mydomain>
Nobody-User = nfsnobody # default is nobody
Nobody-Group = nfsnobody # default is nobody

Going from memory, those last two changes might be specific to CentOS.

During my initial setup of all this, I additionally had Verbosity = 1
(but that's just a logging thing, doesn't change any behavior).

Apologies for the confusion!
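
An added example, not part of the original post: a client-side check for the idmapd.conf settings discussed above, which reports when no active Domain is set (the case Jaap describes as leaving exports owned by nobody.nogroup). The function names and example.com are assumptions; the [General] and [Mapping] section names follow the usual idmapd.conf layout rather than anything stated in the message.

```shell
#!/bin/sh
# idmapd_get FILE SECTION KEY: print the last active (uncommented) value.
idmapd_get() {
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*#/ { next }                       # skip whole-line comments
        /^[ \t]*\[/ {                             # section header, e.g. [General]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want_sec && (eq = index($0, "=")) > 0 {
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want_key) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# idmapd_check FILE EXPECTED_DOMAIN: report findings; return the problem count.
idmapd_check() {
    file=$1; expected=$2; problems=0
    domain=$(idmapd_get "$file" General Domain)
    if [ -z "$domain" ]; then
        echo "FAIL: no active Domain in [General]"
        problems=$((problems + 1))
    elif [ "$domain" != "$expected" ]; then
        echo "FAIL: Domain is '$domain', expected '$expected'"
        problems=$((problems + 1))
    fi
    for key in Nobody-User Nobody-Group; do
        val=$(idmapd_get "$file" Mapping "$key")
        if [ -n "$val" ]; then echo "INFO: $key = $val"; fi
    done
    return "$problems"
}

# Constructed sample: Domain left commented out, as on an unconfigured client.
sample=$(mktemp)
printf '%s\n' '[General]' '#Domain = example.com' '' '[Mapping]' \
    'Nobody-User = nfsnobody' 'Nobody-Group = nfsnobody' > "$sample"
idmapd_check "$sample" example.com || echo "problems: $?"
rm -f "$sample"
```

Run against the real file with `idmapd_check /etc/idmapd.conf <mydomain>`; a non-zero exit status means the Domain line is missing or does not match the value expected for the site.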

