NFS all_squash option

Discussion in 'Linux Networking' started by laurent, Jun 16, 2009.

  1. laurent

    laurent Guest

    I just configure 2 debian lenny with kernel 2.6.26-2-686-bigmem and try
    to export nfs3 dir using all_squash or root_squash option but looks like
    squash failed... nothing on log file, no iptables... here the conf

    from exports on server :

    from fstab on client :
    server:/home/tt /home/tt nfs rsize=8192,wsize=8192,hard,intr,noatime 0 0

    but on client all the files are still showing a wrong uid...

    did I miss something ? ;-)

    laurent, Jun 16, 2009
    1. Advertisements

  2. Define "showing wrong uid."

    If you mean you do "ls" and can still see the file owners' uids, that's
    expected. The squash options don't change the files you're accessing
    (server's uids). They only change how you access them (client's uids).
    Allen Kistler, Jun 16, 2009
    1. Advertisements

  3. laurent

    laurent Guest

    Allen Kistler a écrit :
    hu ? what's that ? ;)
    well, 'ls' on client doesn't show the new uid
    laurent, Jun 16, 2009
  4. laurent

    laurent Guest

    laurent a écrit :
    Ok, just understand that it acts like a proxy and only change uid and
    gid in order to makes all request appearing 'as anonuid' on the server
    side and not changing uid on client ;)

    laurent, Jun 16, 2009
  5. Exactly. It won't.
    squash doesn't change the uid of the server resource.
    It changes the uid of the client user.

    On the server, say "serverfile" is owned by user "sam" with uid 500.
    On the server, say uid 105 is user "fred."
    On the client, say user "george" is logged in with uid 600.

    When george does an "ls" on serverfile, he sees that it's owned by sam.
    When george accesses serverfile, he does it as user fred.

    squash is all about protecting serverfile, not anonymizing sam.
    Allen Kistler, Jun 16, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.