Mapping users on mount

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
I need to be able to 'map' an ordinary user to root...

Here's the scenario:

I am developing for an embedded platform.  On my development box, I work
as an ordinary user.  As I compile stuff, I place it into a ~/boot
directory.

The ~/boot dir is nfsmounted by the embedded SBC as its root fs.

The problem is that the files in ~/boot are owned by
ordinary_user:ordinary_user, and nfsmounted as being owned by user
1001:1001.  This wreaks all sorts of havoc when the embedded system
wants to boot.

I could change the files in ~/boot to be all owned by root, but that is
a major PITA, since I'd have to be root to make changes to the fs.

I could do development as root, which is probably a "really bad
idea"(tm).  :-)

Or I could figure out some way to get nfs to 'map' user 1001:1001 to
user 0:0 when it mounts the root fs.

ISTR I could do that at one time, but I can't figure out how....

Thanks....

Re: Mapping users on mount
Quoted text here. Click to load it
The 'exports' (5) man page shows the options to do it:

all_squash
   Map  all  uids  and  gids to the anonymous user. Useful for NFS-exported
public FTP
   directories, news spool directories, etc. The  opposite  option  is
no_all_squash,
   which is the default setting.

anonuid and anongid
   These options explicitly set the uid and gid of the anonymous account.  This
option
   is primarily useful for PC/NFS clients, where you might want all requests
appear to
   be  from  one  user.  As an example, consider the export entry for /home/joe
in the
   example section below, which maps all requests to uid 150 (which is
supposedly that
   of user joe).

use all_squash, and set the anonuid and anongid to root.
(unless NFS has some built-in security features to prevent you doing this)

Regards,


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:   snipped-for-privacy@cyberguard.com.au
We've slightly trimmed the long signature. Click to see the full one.

Site Timeline