[Freeipa-users] Root access to NFS
Simo Sorce
ssorce at redhat.com
Mon Sep 28 15:43:41 UTC 2009
I don't think you can use no_root_squash with sec=krb5
When using krb5 you are working in a "user auth" model, not in a "client
is trusted" model so you can't access stuff as root.
In any case I'd suggest you ask in an NFS specific forum, they'll have
much better advice. FreeIPA is just an easy way to get a krb
infrastructure up, doesn't change anything from the NFSv4 pov.
Simo.
On Mon, 2009-09-28 at 16:09 +0100, Andy Singleton wrote:
> Yes I did use no_root_squash. Here is the export line im using:
> /rhome gss/krb5(no_root_squash,fsid=0,rw,insecure,no_subtree_check)
>
> And here is the corresponding automount entry from the server:
> * -fstype=nfs4,sec=krb5,port=2049 [myservernamehere]:/&
>
> Cheers
> Andy
>
> -----Original Message-----
> From: Ben Eisenbraun [mailto:bene at crystal.harvard.edu]
> Sent: 28 September 2009 16:00
> To: Andy Singleton
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Root access to NFS
>
> On Mon, Sep 28, 2009 at 03:18:13PM +0100, Andy Singleton wrote:
> > I have a 4-way multi-master setup, with a separate NFS server which
> > provides automounted home directories.
> >
> > This works pretty well, except when I try to access a mounted users
> > directory as Root.
> >
> > Unless the directory is exported as globally readable, I can't get
> > access as root.
>
> What are your export options? Did you enable no_root_squash?
>
> -ben
>
> --
> | Ben Eisenbraun | Software Sysadmin |
> | Structural Biology Grid | http://sbgrid.org |
> | Harvard Medical School | http://hms.harvard.edu |
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list