[KLUG Members] Re: fs permissions with smb/nfs/ldap

Bryan J. Smith members@kalamazoolinux.org
Sun, 13 Jan 2002 11:28:58 -0500


Chris Goron wrote:
> That's kind of a new concept for me then. I guess I'm a little confused
> why you would want to control network resources by system and not user?
> But I can live with that.

Because Windows clients are single-user systems.  UNIX clients are
[simultaneous] multi-user systems.  You don't have to worry about
multiple users conflicting on a single-user Windows system, unlike
UNIX.  E.g., on Windows you don't have to worry about multiple users
mounting and accessing the H: drive to different shares.  But you _do_
under UNIX, hence why only root can mount it, and the underlying
permissions affect access.  You _always_ mount resources with a
"system-wide" perspective on UNIX, simply because of its [simultaneous]
multi-user nature (always has been).

I haven't seen a UNIX client that "virtualizes" filesystems yet for each
individual user.  I guess it _could_ be done at the kernel-level, but
why would you?  UNIX has always been multi-tasking _and_ multi-user
(whereas even OS/2-NT has only been about the former), so the idea is
that you can have multiple users accessing the same resources.

UNIX always "mounts" filesystems like they were local.  Hence why
the way UNIX clients mount shares as directories is so much more
"transparent" than the way Windows clients access UNCs (which you cannot
"cd" into) or drive letters (which require the program to _know_ that it
must use that drive letter).

> I've checked and tried about every setting in the exports file including
> the no_squash_root, I believe the problem lies in making my NFS on the
> client side "LDAP aware".

Just know UNIX doesn't "automagically" do anything.  Mounting is a root
operation, and you can't be scripting it into your user's login script.

*FURTHERMORE*, just because your user isn't "logged in" doesn't mean
he/she's not using his account.  E.g., he/she could be running a
cronjob, something in the background, remote display, via screens,
etc...  So it is up to the _system_, not the user, to determine when a
network resource is mounted.

> Got it. I have autofs configured now and works very slick. Takes care of
> that confusion for me I believe.

Yes, autofs is the way.  It's much easier if you mount a directory for
many users -- like everyone in the same group on one server -- instead
of just one user -- one share for every user.  If you feel you must have
a share for every user, make sure the paths are _unique_ and _absolute_
for that user.  E.g.:

Something like:
   Bob:
      server:/home/bob    /home/bob
   Mary:
      server:/home/mary   /home/mary

*NOT*
   Bob:
      server:/home/bob    /home
   Mary:
      server:/home/mary   /home

Your "mounting scheme" should be _universal_ across your _entire_ LAN. 
I.e. Bob _always_ mounts his home directory in /home/bob.

If you have multiple servers, go ahead and use /server/bob,
/server/mary, etc... as the actual server directory and client
mountpoint.  You can then symlink various user home directories into
/home/(user), etc...  There are a few issues with symlinks, but they are
usually manageable (as long as /etc/password or whatever their user
record points to a real home directory that is not a symlink).

-- Bryan

-- 
Bryan J. Smith, Engineer          mailto:b.j.smith@ieee.org
AbsoluteValue Systems, Inc.       http://www.linux-wlan.org
SmithConcepts, Inc.            http://www.SmithConcepts.com
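
An added example, not part of the original message: a small linter that checks a per-user NFS mount plan against the rules stated above (mountpoints absolute, unique per user on each client, and identical for a user across the whole LAN). The four-column plan format, the host names ws1 to ws3 and the function names are assumptions made for this sketch.

```python
"""Lint a per-user NFS mount plan against the rules in the message above."""
import posixpath
from collections import defaultdict

# Constructed sample plan: client host, user, NFS source, client mountpoint.
SAMPLE_PLAN = """\
ws1  bob   server:/home/bob   /home/bob
ws1  mary  server:/home/mary  /home/mary
ws2  bob   server:/home/bob   /home
ws2  mary  server:/home/mary  /home
ws3  bob   server:/home/bob   home/bob
"""

def parse_plan(text):
    """Yield (host, user, source, mountpoint) from whitespace-separated lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # allow trailing comments
        if line:
            host, user, source, mountpoint = line.split()
            yield host, user, source, mountpoint

def lint_plan(text):
    """Return a sorted list of (rule, detail) findings for the plan."""
    findings = set()
    by_host_mp = defaultdict(set)   # (host, mountpoint) -> users mounting there
    by_user = defaultdict(set)      # user -> mountpoints seen on any host
    for host, user, _source, mp in parse_plan(text):
        if not posixpath.isabs(mp):
            findings.add(("not-absolute", f"{host}:{user}:{mp}"))
            continue
        mp = posixpath.normpath(mp)
        by_host_mp[(host, mp)].add(user)
        by_user[user].add(mp)
    # Two users on one client sharing a mountpoint (the "*NOT*" layout).
    for (host, mp), users in by_host_mp.items():
        if len(users) > 1:
            findings.add(("shared-mountpoint", f"{host}:{mp}:{','.join(sorted(users))}"))
    # A user whose home lands in different places on different clients.
    for user, mps in by_user.items():
        if len(mps) > 1:
            findings.add(("not-universal", f"{user}:{','.join(sorted(mps))}"))
    return sorted(findings)

if __name__ == "__main__":
    for rule, detail in lint_plan(SAMPLE_PLAN):
        print(f"{rule:18} {detail}")
```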