[KLUG Members] Re: fs permissions with smb/nfs/ldap

Chris Goron members@kalamazoolinux.org
13 Jan 2002 12:06:43 -0500


On Sun, 2002-01-13 at 11:28, Bryan J. Smith wrote:
> Chris Goron wrote:
> > That's kind of a new concept for me then. I guess I'm a little confused
> > why you would want to control network resources by system and not user?
> > But I can live with that.
> 
> Because Windows clients are single-user systems.  UNIX clients are
> [simultaneous] multi-user systems.  You don't have to worry about
> multiple users conflicting on a single-user Windows system, unlike
> UNIX.  E.g., on Windows you don't have to worry about multiple users
> mounting and accessing the H: drive to different shares.  But you _do_
> under UNIX, hence why only root can mount it, and the underlying
> permissions affect access.  You _always_ mount resources with a
> "system-wide" perspective on UNIX, simply because its [simultaneous]
> multi-user nature (always has been).
> 
> I haven't seen a UNIX client that "virtualizes" filesystems yet for each
> individual user.  I guess it _could_ be done at the kernel-level, but
> why would you?  UNIX has always been multi-tasking _and_ multi-user
> (whereas even OS/2-NT has only been about the former), so the idea is
> that you can have multiple users accessing the same resources.
> 
> UNIX always "mounts" filesystems like they were local.  Hence why
> the way UNIX clients mount shares as directories is so much more
> "transparent" than the way Windows clients access UNCs (which you cannot
> "cd" into) or drive letters (which require the program to _know_ that it
> must use that drive letter).

Understood. Just a hard thing to grasp at first when you are more used
to NT and Netware networking.

> 
> > I've checked and tried about every setting in the exports file including
> > the no_squash_root, I believe the problem lies in making my NFS on the
> > client side "LDAP aware".
> 
> Just know UNIX doesn't "automagically" do anything.  Mounting is a root
> operation, and you can't be scripting it into your user's login script.

Oh yes, I would never doubt that.

> 
> *FURTHERMORE*, just because your user isn't "logged in" doesn't mean
> he/she's not using his account.  E.g., he/she could be running a
> cronjob, something in the background, remote display, via screens,
> etc...  So it is up to the _system_, not the user, to determine when a
> network resource is mounted.
> 
> > Got it. I have autofs configured now and works very slick. Takes care of
> > that confusion for me I believe.
> 
> Yes, autofs is the way.  It's much easier if you mount a directory for
> many users -- like everyone in the same group on one server -- instead
> of just one user -- one share for every user.  If you feel you must have
> a share for every user, make sure the paths are _unique_ and _absolute_
> for that user.  E.g.:
> 
> Something like:
>    Bob:
>       server:/home/bob    /home/bob
>    Mary:
>       server:/home/mary   /home/mary
> 
> *NOT*
>    Bob:
>       server:/home/bob    /home
>    Mary:
>       server:/home/mary   /home
> 
> Your "mounting scheme" should be _universal_ across your _entire_ LAN. 
> I.e. Bob _always_ mounts his home directory in /home/bob.
> 
> If you have multiple servers, go ahead and use /server/bob,
> /server/mary, etc... as the actual server directory and client
> mountpoint.  You can then symlink various user home directories into
> /home/(user), etc...  There are a few issues with symlinks, but they are
> usually manageable (as long as /etc/password or whatever their user
> record points to a real home directory that is not a symlink)

Yup, got it. Autofs was the little gem I was looking for.

I also have the permissions problem worked out now with NFS. Not sure
what exactly the problem was; I just stepped back through my LDAP
config/setup on my server and bingo, I had the correct permissions. LDAP
is very cool, now if they can incorporate the fs in LDAP............

Thanks for your help once again.

.
> 
> -- Bryan
> 
> -- 
> Bryan J. Smith, Engineer          mailto:b.j.smith@ieee.org
> AbsoluteValue Systems, Inc.       http://www.linux-wlan.org
> SmithConcepts, Inc.            http://www.SmithConcepts.com
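
The per-user mount scheme discussed in this thread, written as autofs maps. This is an added example, not part of the original message; the map file name /etc/auto.home, the host name "server" and the nosuid mount option are assumptions.

```conf
# /etc/auto.master
# Everything looked up under /home is resolved through /etc/auto.home.
/home   /etc/auto.home

# /etc/auto.home, explicit form.
# Each key becomes its own mountpoint under /home, so every user gets a
# unique, absolute path (/home/bob, /home/mary) that is the same on
# every client on the LAN. Nobody's share is mounted on /home itself.
bob     -rw,nosuid   server:/home/bob
mary    -rw,nosuid   server:/home/mary

# /etc/auto.home, wildcard form (use instead of the explicit entries).
# "*" matches whatever directory name is requested under /home and
# "&" is replaced by that name, giving the same layout as above.
*       -rw,nosuid   server:/home/&
```

Because the automounter daemon runs as root and mounts on first access, the share is also available to cron jobs and background processes that run without an interactive login.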