[KLUG Members] Re: fs permissions with smb/nfs/ldap
Chris Goron
members@kalamazoolinux.org
13 Jan 2002 12:06:43 -0500
On Sun, 2002-01-13 at 11:28, Bryan J. Smith wrote:
> Chris Goron wrote:
> > That's kind of a new concept for me then. I guess I'm a little confused
> > why you would want to control network resources by system and not user?
> > But I can live with that.
>
> Because Windows clients are single-user systems. UNIX clients are
> [simultaneous] multi-user systems. You don't have to worry about
> multiple users conflicting on a single-user Windows system, unlike
> UNIX. E.g., on Windows you don't have to worry about multiple users
> mounting and accessing the H: drive to different shares. But you _do_
> under UNIX, hence why only root can mount it, and the underlying
> permissions affect access. You _always_ mount resources with a
> "system-wide" perspective on UNIX, simply because of its [simultaneous]
> multi-user nature (always has been).
>
> I haven't seen a UNIX client that "virtualizes" filesystems yet for each
> individual user. I guess it _could_ be done at the kernel-level, but
> why would you? UNIX has always been multi-tasking _and_ multi-user
> (whereas even OS/2-NT has only been about the former), so the idea is
> that you can have multiple users accessing the same resources.
>
> UNIX always "mounts" filesystems like they were local. Hence why
> the way UNIX clients mount shares as directories is so much more
> "transparent" than the way Windows clients access UNCs (which you cannot
> "cd" into) or drive letters (which require the program to _know_ that it
> must use that drive letter).
Understood. Just a hard thing to grasp at first when you are more used
to NT and Netware networking.
>
> > I've checked and tried about every setting in the exports file including
> > the no_squash_root, I believe the problem lies in making my NFS on the
> > client side "LDAP aware".
>
> Just know UNIX doesn't "automagically" do anything. Mounting is a root
> operation, and you can't be scripting it into your user's login script.
Oh yes, I would never doubt that.
>
> *FURTHERMORE*, just because your user isn't "logged in" doesn't mean
> he/she's not using his account. E.g., he/she could be running a
> cronjob, something in the background, remote display, via screens,
> etc... So it is up to the _system_, not the user, to determine when a
> network resource is mounted.
>
> > Got it. I have autofs configured now and it works very slick. Takes care of
> > that confusion for me I believe.
>
> Yes, autofs is the way. It's much easier if you mount a directory for
> many users -- like everyone in the same group on one server -- instead
> of just one user -- one share for every user. If you feel you must have
> a share for every user, make sure the paths are _unique_ and _absolute_
> for that user. E.g.:
>
> Something like:
> Bob:
> server:/home/bob /home/bob
> Mary:
> server:/home/mary /home/mary
>
> *NOT*
> Bob:
> server:/home/bob /home
> Mary:
> server:/home/mary /home
>
> Your "mounting scheme" should be _universal_ across your _entire_ LAN.
> I.e. Bob _always_ mounts his home directory in /home/bob.
>
> If you have multiple servers, go ahead and use /server/bob,
> /server/mary, etc... as the actual server directory and client
> mountpoint. You can then symlink various user home directories into
> /home/(user), etc... There are a few issues with symlinks, but they are
> usually manageable (as long as /etc/password or whatever their user
> record points to a real home directory that is not a symlink)
Yup, got it. Autofs was the little gem I was looking for.
I also have the permissions problem worked out now with NFS. Not sure
what exactly the problem was; I just stepped back through my LDAP
config/setup on my server and bingo, I had the correct permissions. LDAP
is very cool, now if they can incorporate the fs in LDAP............
Thanks for your help once again.
>
> -- Bryan
>
> --
> Bryan J. Smith, Engineer mailto:b.j.smith@ieee.org
> AbsoluteValue Systems, Inc. http://www.linux-wlan.org
> SmithConcepts, Inc. http://www.SmithConcepts.com
>
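
The per-user mount scheme discussed in the thread above, as an added example that is not part of the original messages: a Python check that flags entries whose client mountpoint is relative, not specific to the user, or shared by several users (the "*NOT*" layout, where one user's mount would cover another's). The `server:/export mountpoint` entry format follows the thread; the function names and sample data are assumptions constructed for illustration.

```python
import posixpath
from collections import defaultdict

# Constructed sample data in the thread's "server:/export mountpoint" form.
GOOD = {"bob": "server:/home/bob /home/bob", "mary": "server:/home/mary /home/mary"}
BAD = {"bob": "server:/home/bob /home", "mary": "server:/home/mary /home"}


def parse_entry(entry):
    """Split 'server:/export mountpoint' into (server, export, mountpoint)."""
    source, mountpoint = entry.split()
    server, export = source.split(":", 1)
    return server, export, posixpath.normpath(mountpoint)


def audit_mounts(entries):
    """Return a sorted list of (user, problem) for a {user: entry} mapping."""
    problems = []
    users_by_mountpoint = defaultdict(list)
    for user, entry in entries.items():
        _server, _export, mountpoint = parse_entry(entry)
        users_by_mountpoint[mountpoint].append(user)
        # Paths must be absolute so every client resolves them identically.
        if not posixpath.isabs(mountpoint):
            problems.append((user, "mountpoint is not absolute: " + mountpoint))
        # Hypothetical convention: the last path component is the user name.
        if posixpath.basename(mountpoint) != user:
            problems.append((user, "mountpoint is not specific to the user: " + mountpoint))
    # A mountpoint used by more than one user means the mounts collide.
    for mountpoint, users in users_by_mountpoint.items():
        if len(users) > 1:
            for user in users:
                problems.append((user, "mountpoint shared with other users: " + mountpoint))
    return sorted(problems)


if __name__ == "__main__":
    for name, entries in (("good", GOOD), ("bad", BAD)):
        print(name, audit_mounts(entries) or "ok")
```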