On 12/26/2008 12:26 PM, Mahesh Siddheshwar wrote:
> Dominik R?ttsches wrote:
>
>> Hi Mahesh,
>>
>> thanks for your help. Unfortunately I can't get it to function
>> properly yet.
>>
>>
>>
>>>> UID/GID mapping would be one solution, however, an easier one may
>>>> be sufficient: Can I force OS X clients that connect to the share
>>>> to be default mapped to the anonymous user with rw permissions?
>>>> Security is not so much a concern for the setup I'm looking at.
>>>>
>>>>
>>
>>
>>> Is there a mapping for uid 501 on the OpenSolaris box? If not then
>>> the uid will be mapped to
>>> 'anonymous' user. And you can map anonymous users to a particular
>>> id for that
>>> particular share using 'anon=uid' option. Check out share_nfs(1M)
>>> and sharemgr(1M)
>>>
>>>
>> Although the uid 501 (coming from the mac) is not a known user on the
>> solaris machine, it ends up assigning this UID as the file owner:
>>
>> # sharemgr show -vp
>> default nfs=(anon="101")
>> zfs
>> zfs/largeAtt/eyeTV nfs=(anon="101") smb=()
>>
>> Still ends up creating new entries with:
>> -rw-r--r-- 1 501 games 278528 2008-01-08 19:16 testFile
>>
>> which is the uid from the mac (501, GID 20 is "staff" on mac and
>> apparently "games" on opensolaris).
>>
>> I am not using kerberos or so, so it should be AUTH_SYS, as far as I
>> understand.
>> Is there still something wrong with my configuration here?
>>
>>
>>
> I'm sorry, that was my bad. This would work only in case of root access from
> the client.. otherwise it still maps to the numerical uid. So there is no
> workaround for your problem.
>
> Mahesh
>
> PS: One poor hack/workaround that is *not* recommended is, I tried
> to change the share security flavor with 'sec=none' option. I first
> mounted the share from mac client and then changed the security of
> the share to AUTH_NONE. In that case the uid is mapped to
> what is set with 'anon=id'. But the group is mapped to the same
> id as well..
>
That might work with only one user on the network.
The real solustion here is to get the UID's to agree on the different
machines.
If I understand things, OpenSolaris setup the accoutn with UID 101? and
the Mac setup it's accoutn with UID 501?
If changing the MacOS UID is hard, it's easy to change the OpenSolaris
UID. I'm betting there are ways to do this without editing the
/etc/passwd file, but that's thw way I'd do it. As root edit
/etc/passwd, find the line for the user you want to change, and change
the second field (in this case you'll change the 101 to 501.)
Save the file, then as root use 'chown -R <username> <homedirpath>' to
change the owner of the user's home directory (and all their files) to
be owned by the user again.
Once the UID's match on both systems, sec=sys should work fine.
-Kyle
