Chapter 27. Running a File Server

Access Options in /etc/exports

You don't have to just give away your files and directories when you export a directory with NFS. In the options part of each entry in /etc/exports, you can add options that allow or limit access by setting read/write permission. These options, which are passed to NFS, are as follows:

• ro: Client can mount this exported file system read-only. The default is to mount the file system read/write.

• rw: Explicitly asks that a shared directory be shared with read/write permissions. (If the client chooses, it can still mount the directory read-only.)

User Mapping Options in /etc/exports

In addition to options that define how permissions are handled generally, you can use options to set the permissions that specific users have to NFS shared file systems.

One method that simplifies this process is to have each user with multiple user accounts have the same username and UID on each machine. This makes it easier to map users so that they have the same permissions on a mounted file system that they do on files stored on their local hard disks. If that method is not convenient, user IDs can be mapped in many other ways. Here are some methods of setting user permissions and the /etc/exports option that you use for each method:

• root user: The client's root user is generally mapped into the nfsnobody username (UID 65534). This prevents a client computer's root user from being able to change all files and directories in the shared file system. If you want the client's root user to have root permission on the server, use the no_root_squash option. There may be other administrative users, in addition to root, that you want to squash. I recommend squashing UIDs 0–99 as follows: squash_uids=0-99.

• nfsnobody user/group: By using the nfsnobody username and group name, you essentially create a user/group with permissions that do not allow access to files that belong to any real users on the server, unless those users open permission to everyone. However, files created by the nfsnobody user or group are available to anyone assigned as the nfsnobody user or group. To set all remote users to the nfsnobody user/group, use the all_squash option.

The nfsnobody user is assigned a UID and GID of 65534 to prevent the ID from running into a valid user or group ID. Using the anonuid or anongid options, you can change the nfsnobody user or group, respectively. For example, anonuid=175 sets all anonymous users to UID 175, and anongid=300 sets the GID to 300. (Only the number is displayed when you list file permissions unless you add entries with names to /etc/passwd and /etc/group for the new UIDs and GIDs.)
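The following is an added example, not code from the original chapter: a small Python audit that parses /etc/exports entries, computes the UID the server applies under the root-squash, no_root_squash, all_squash and anonuid rules described above, and flags risky entries. The sample file, its paths and hostnames, and the function names are constructed for illustration; squash_uids ranges, quoted paths and line continuations are not handled.

```python
NFSNOBODY = 65534  # default anonymous UID/GID named in the text above

# Constructed sample /etc/exports (paths and hostnames are made up).
SAMPLE_EXPORTS = """\
# directory    client(options)
/srv/pub       *(ro,all_squash,anonuid=175,anongid=300)
/srv/projects  ws1.example.com(rw) ws2.example.com(ro)
/srv/admin     *.example.com(rw,no_root_squash)
"""

def parse_exports(text):
    """Return [(directory, client, {option: value})], one per client spec."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:          # blank, comment-only, or no client list
            continue
        for spec in fields[1:]:
            client, _, optstr = spec.partition("(")
            # "anonuid=175" -> ("anonuid", "175"); "ro" -> ("ro", "")
            opts = dict(o.partition("=")[::2]
                        for o in optstr.rstrip(")").split(",") if o)
            entries.append((fields[0], client or "*", opts))  # empty host = any
    return entries

def mapped_uid(opts, uid):
    """UID the server applies to a request arriving from client UID `uid`."""
    anon = int(opts.get("anonuid", NFSNOBODY))
    if "all_squash" in opts:
        return anon                  # every remote user becomes anonymous
    if uid == 0 and "no_root_squash" not in opts:
        return anon                  # root is squashed unless opted out
    return uid

def audit(text):
    """Flag unsquashed root and explicit read/write for wildcard clients."""
    findings = []
    for directory, client, opts in parse_exports(text):
        if mapped_uid(opts, 0) == 0:
            findings.append((directory, client, "client root is root on server"))
        if "rw" in opts and ("*" in client or "?" in client):
            findings.append((directory, client, "read/write for wildcard client"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep="  ")
```

Only an explicit rw is flagged, so the audit does not depend on which access mode a given server treats as the default.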